Date: Thu, 14 May 2009 11:44:17 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current <freebsd-current@FreeBSD.org> Subject: Re: Hierarchical jails Message-ID: <4A0C5871.1080407@FreeBSD.org> In-Reply-To: <4A0C55CF.70706@elischer.org> References: <4A051DE3.30705@FreeBSD.org> <4A0C5112.9010103@FreeBSD.org> <4A0C55CF.70706@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote: > Jamie Gritton wrote: >>> prison0 contains three fields that were system globals: pr_root, >>> pr_host, and pr_securelevel. I've kept the globals rootvnode and >>> hostname, and take care that when one is changed the other changes too >>> (not yet true for hostname - read on). But I've actually removed the >>> global securelevel, instead forcing people to use securelevel_gt() and >>> securelevel_ge() (or in very rare cases to check prison0.pr_securelevel >>> directly). I chose to do that because while using the global rootvnode >>> and hostname may be incorrect, using the wrong securelevel is, well, >>> insecure. Actually it would be insecure to use the wrong rootvnode too, >>> but I'm not convinced removing that global is worth the headache. > > not sure why you want to keep hostname a true global > It seems to me that it is an eminently virtalizable property. > though possible a special hostname might exist for the base system > for error messages etc. > kind of like V_hostname an G_hostname :) It was mostly for the number of times I saw that global being used - didn't want to upset the order of things too much. I didn't see nearly as much use of securelevel with the advent of securelevel_ge() and securelevel_gt(). But I suppose the G/V_hostname thing has already gotten that ball rolling. There is at least one place that uses the global securelevel directly (i.e. prison0.securelevel). The same could be done for hostnames, which does a pretty good job of pointing out that this is the global hostname being used. Because you're right - the hostname is at the center of of what it means to have a jail identity. Then there's rootvnode, the third global that's superseded by hierarchical jails. I could also remove that, allowing the use of prison0.pr_root for those who need the real root.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A0C5871.1080407>