From owner-cvs-all@FreeBSD.ORG Sat Nov 20 14:49:47 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 23ADA16A4CE; Sat, 20 Nov 2004 14:49:47 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F0CE43D2D; Sat, 20 Nov 2004 14:49:46 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id iAKEm6LJ017725; Sat, 20 Nov 2004 09:48:07 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)iAKEm6jP017722; Sat, 20 Nov 2004 14:48:06 GMT (envelope-from robert@fledge.watson.org) Date: Sat, 20 Nov 2004 14:48:06 +0000 (GMT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Alexander Leidinger In-Reply-To: <20041120152558.342d5eac@Magellan.Leidinger.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= cc: src-committers@freebsd.org cc: cvs-all@freebsd.org cc: cvs-src@freebsd.org Subject: Re: cvs commit: src/sys/sys msg.h sem.h shm.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Nov 2004 14:49:47 -0000 On Sat, 20 Nov 2004, Alexander Leidinger wrote: > On Sat, 20 Nov 2004 13:14:32 +0000 (GMT) > Robert Watson wrote: > > > > Are you talking about the userland API, or about the in-kernel API? > > > > Userland API; implementing the kernel side, modulo dealing with the > > loading and unloading issue, is relatively straight forward. > > > > > If you are talking about the userland API: wouldn't it be more easy if > > > we use the following constraints? > > > - The admin of the host has no direct access to the jails IPC, only an > > > admin in the jail can manage it (the host admin can use jexec to > > > manage IPC). > > > - If a jail gets shut down, all IPC resources of this jail are removed. > > > > Sure. But that makes it fairly inconvenient to track resource usage over > > a large number of jails. > > One step after another... :-) First we get the feature "everyone" is > asking about, then we look how to improve it. We don't have to keep > those restrictions, but in the mean time having them is better than the > actual way of doing things with System V IPC. One of the primary virtues of Jail is that it is not only every convenient to use and manage, but that the implementation is easy to comprhend and conservaitive, maximizing the chances that the implementation is correct. These virtues generally don't apply to System V IPC, which is why it is hard to wedge into Jail in a sensible manner. While a solution is clearly desired, attempting to implement a consistent and sensible solution is a much better idea than hacking it together and leaving us with an unmaintable and barely usable implementation. A little bit of time spent now considering the implications of an approach can save a lot of time later that will be wasted chasing obscure bugs or haivng users trying to work around difficult to solve problems that are a property of a poor design. In particular, if you introduce APIs and tools now that work poorly, we will be obligated to continue supporting them for compatibility reasons in the future for a substantial period of time. My feeling is that adopting a model that lends itself to easy mangement is critical to the success of any additions to Jail, and should be a primary concern up front. Let's not turn Jail into a pile of hacks... Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research