Date: Mon, 3 Apr 2006 16:07:07 -0300 (ADT) From: "Marc G. Fournier" <scrappy@hub.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: pjd@FreeBSD.org, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org Subject: Re: new feature: private IPC for every jail Message-ID: <20060403160231.P947@ganymede.hub.org> In-Reply-To: <20060403174952.E76562@fledge.watson.org> References: <20060403003318.K947@ganymede.hub.org> <20060403163220.F36756@fledge.watson.org> <20060403132401.I947@ganymede.hub.org> <20060403174952.E76562@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Apr 2006, Robert Watson wrote: > So the question is this: if you load System V IPC support after you > start a jail, how do we handle jails that have already started? Do we go > out and create new name spaces for jails already started (a problem for > method (1), because it implies System V IPC will have pretty intimate > knowledge of jails, and know how to walk lists, etc), do we deny access > to System V IPC for jails not present when it was loaded? Likewise, > although we tend to refer to the different IPC mechanisms as in a single > category, System V IPC, there are actually three name spaces, and the > functionality for each can be loaded separately. Stupid question, but why does a namespace need to be created prior to a process in the jail needing it? "if jail requests IPC, and IPC is loaded, then create namespace at that point" ... ? ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403160231.P947>