From: "Marc G. Fournier"
Date: Mon, 3 Apr 2006 16:07:07 -0300 (ADT)
To: Robert Watson
Cc: pjd@FreeBSD.org, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject: Re: new feature: private IPC for every jail

On Mon, 3 Apr 2006, Robert Watson wrote:

> So the question is this: if you load System V IPC support after you
> start a jail, how do we handle jails that have already started? Do we go
> out and create new name spaces for jails already started (a problem for
> method (1), because it implies System V IPC will have pretty intimate
> knowledge of jails, and know how to walk lists, etc), do we deny access
> to System V IPC for jails not present when it was loaded? Likewise,
> although we tend to refer to the different IPC mechanisms as in a single
> category, System V IPC, there are actually three name spaces, and the
> functionality for each can be loaded separately.

Stupid question, but why does a namespace need to be created prior to a process in the jail needing it? "if jail requests IPC, and IPC is loaded, then create namespace at that point" ... ?

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org     Yahoo!: yscrappy     ICQ: 7615664