From owner-freebsd-current@FreeBSD.ORG Mon Apr 3 15:35:05 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB29216A401; Mon, 3 Apr 2006 15:35:05 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB0D143D49; Mon, 3 Apr 2006 15:35:04 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id CE5D046B08; Mon, 3 Apr 2006 11:34:59 -0400 (EDT) Date: Mon, 3 Apr 2006 16:34:59 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "Marc G. Fournier" In-Reply-To: <20060403003318.K947@ganymede.hub.org> Message-ID: <20060403163220.F36756@fledge.watson.org> References: <20060403003318.K947@ganymede.hub.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: pjd@FreeBSD.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: Re: new feature: private IPC for every jail X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 15:35:05 -0000 On Mon, 3 Apr 2006, Marc G. Fournier wrote: > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48471 > > [kernel] [patch] new feature: private IPC for every jail > > Its an ancient, 4.x patch for having private IPC in a jail ... not sure how > hard it would be to bring it up to 6.x / -current standards though ... but > it seems like something 'good' that is needed ... In the past I've looked at doing things along these lines, but usually stall after a first hack when trying to decide how to deal with two critical issues: (1) The fact that system v ipc primitives are loadable, and unloadable, which requires some careful handling relating to registration order, etc. (2) The name space model for system v ipc is flat, so while it's desirable to allow the administrator in the host environment to monitor and control resource use in the jail (for example, delete allocated but unused segments), doing that requires developing an administrative model for it. These challenges can be surmounted, but the doing them in a nice way requires some thought. Robert N M Watson