From owner-freebsd-current@FreeBSD.ORG Mon Apr 3 22:35:34 2006
Date: Mon, 3 Apr 2006 23:35:21 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: "Marc G. Fournier"
Cc: pjd@FreeBSD.org, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject: Re: new feature: private IPC for every jail
Message-ID: <20060403233030.W76562@fledge.watson.org>
In-Reply-To: <20060403160231.P947@ganymede.hub.org>

On Mon, 3 Apr 2006, Marc G. Fournier wrote:

> On Mon, 3 Apr 2006, Robert Watson wrote:
>
>> So the question is this: if you load System V IPC support after you start a
>> jail, how do we handle jails that have already started? Do we go out and
>> create new name spaces for jails already started (a problem for method (1),
>> because it implies System V IPC will have pretty intimate knowledge of
>> jails, and know how to walk lists, etc), do we deny access to System V IPC
>> for jails not present when it was loaded? Likewise, although we tend to
>> refer to the different IPC mechanisms as in a single category, System V
>> IPC, there are actually three name spaces, and the functionality for each
>> can be loaded separately.
>
> Stupid question, but why does a namespace need to be created prior to a
> process in the jail needing it? "if jail requests IPC, and IPC is loaded,
> then create namespace at that point" ... ?

In principle, it can be done any time, but there are some nice simplifying
assumptions about doing it up-front: among these is that the point of jail
creation is very useful from a security perspective because you're not running
contained code at that point, only code that's sufficiently privileged to
perform the jail creation operation, and that you can avoid extra
synchronization (locking) of the name space reference to make sure it's
accessed and allocated with reasonable atomicity. It should be possible to
allocate on demand, although there could be catches I haven't thought of by
virtue of not trying it.

Robert N M Watson
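The trade-off Robert describes above, as an added illustration that is not part of the original thread and not FreeBSD's jail or System V IPC code: a toy per-jail IPC name space attached either eagerly by the privileged creator at jail creation time, or lazily on first use by a process already inside the jail (the case of a jail started before the IPC module was loaded). The lazy path needs the compare-and-swap step that the eager path can skip, because two contained callers can race to allocate. All names (`struct ipc_ns`, `struct jail`, `jail_create`, `jail_ipcns_get`, `ns_publish`) are assumptions for the example, and the race is simulated single-threaded.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a jail's System V IPC name space (assumed, not FreeBSD's). */
struct ipc_ns {
    int objects;            /* stands in for the real shm/sem/msg tables */
};

struct jail {
    int id;
    _Atomic(struct ipc_ns *) ipcns;   /* NULL until a name space is attached */
};

/* Bookkeeping so callers can check how many name spaces were made and dropped. */
static int ns_allocs;
static int ns_frees;

static struct ipc_ns *ns_alloc(void) { ns_allocs++; return calloc(1, sizeof(struct ipc_ns)); }
static void ns_free(struct ipc_ns *ns) { ns_frees++; free(ns); }

/*
 * Eager path (method (1) in the thread): the creator attaches the name space
 * before any contained process exists, so a plain store suffices and no
 * contained code can ever observe the NULL-to-pointer transition.
 */
struct jail *jail_create(int id, int ipc_loaded)
{
    struct jail *j = calloc(1, sizeof(*j));
    j->id = id;
    atomic_init(&j->ipcns, ipc_loaded ? ns_alloc() : NULL);
    return j;
}

/*
 * Lazy path: publish a fresh name space only if none is attached yet.
 * Concurrent callers may each arrive with their own allocation; the CAS picks
 * one winner and the loser frees its copy. This is the extra synchronization
 * the eager path avoids.
 */
static struct ipc_ns *ns_publish(struct jail *j, struct ipc_ns *fresh)
{
    struct ipc_ns *expected = NULL;
    if (atomic_compare_exchange_strong(&j->ipcns, &expected, fresh))
        return fresh;
    ns_free(fresh);         /* lost the race; expected now holds the winner */
    return expected;
}

/* What an IPC syscall inside the jail would call to find or create its name space. */
struct ipc_ns *jail_ipcns_get(struct jail *j)
{
    struct ipc_ns *ns = atomic_load(&j->ipcns);
    if (ns != NULL)
        return ns;
    return ns_publish(j, ns_alloc());
}

void jail_destroy(struct jail *j)
{
    struct ipc_ns *ns = atomic_load(&j->ipcns);
    if (ns != NULL)
        ns_free(ns);
    free(j);
}

/* 1 if an eagerly created jail has its name space before any first use. */
int demo_eager(void)
{
    ns_allocs = ns_frees = 0;
    struct jail *j = jail_create(1, 1);
    int ok = atomic_load(&j->ipcns) != NULL
          && jail_ipcns_get(j) == atomic_load(&j->ipcns)
          && ns_allocs == 1;
    jail_destroy(j);
    return ok;
}

/*
 * 1 if, for a jail started before IPC support was loaded, two callers racing
 * on first use share one name space and the duplicate is freed. Both allocate
 * before either publishes, which is exactly the window the CAS must close.
 */
int demo_lazy_race(void)
{
    ns_allocs = ns_frees = 0;
    struct jail *j = jail_create(2, 0);
    struct ipc_ns *a = ns_alloc();
    struct ipc_ns *b = ns_alloc();
    struct ipc_ns *seen_a = ns_publish(j, a);
    struct ipc_ns *seen_b = ns_publish(j, b);
    int ok = seen_a == a && seen_b == a
          && ns_allocs == 2 && ns_frees == 1
          && jail_ipcns_get(j) == a;
    jail_destroy(j);
    return ok;
}

int main(void)
{
    printf("eager: %s\n", demo_eager() ? "ok" : "FAIL");
    printf("lazy race: %s\n", demo_lazy_race() ? "ok" : "FAIL");
    return 0;
}
```

The CAS handles the allocate-on-demand race the message worries about, but it is only the first of the "catches": a real kernel would also have to order lazy attachment against jail teardown and against unloading the IPC module, and, since the thread notes there are three separately loadable name spaces, repeat this per name space rather than once per jail.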