From owner-freebsd-arch Mon Sep 4 10:57:45 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (Postfix) with ESMTP id C283737B423; Mon, 4 Sep 2000 10:57:42 -0700 (PDT)
Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id KAA05432; Mon, 4 Sep 2000 10:57:42 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id KAA13872; Mon, 4 Sep 2000 10:57:41 -0700 (PDT) (envelope-from Don.Lewis@tsc.tdk.com)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id KAA21915; Mon, 4 Sep 2000 10:57:41 -0700 (PDT)
From: Don Lewis
Message-Id: <200009041757.KAA21915@salsa.gv.tsc.tdk.com>
Date: Mon, 4 Sep 2000 10:57:40 -0700
In-Reply-To:
References:
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: Robert Watson, Don Lewis
Subject: Re: Request for review: restructuring of per-uid resource limits
Cc: freebsd-arch@FreeBSD.ORG
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sep 4, 1:41pm, Robert Watson wrote:
} Subject: Re: Request for review: restructuring of per-uid resource limits
} On Mon, 4 Sep 2000, Don Lewis wrote:
}
} > It would probably be easier to invert this and add a pointer to the
} > resource pool to the credential (and p_prison should probably be moved
} > to ucred). Trying to figure out anything from proc doesn't work too
} > well in the case of things like sbsize, since sockets may stick around
} > a lot longer than the processes that created them. Sockets do hang on
} > to a reference to the credential.
}
} Ok, sounds good to me -- I've been meaning to look further into moving
} this kind of thing into the credential for a while, due to similar kinds
} of problems in setting up capabilities and MAC. Ideally, everything
} required to make access control and resource bound decisions should be
} accessible from the process's credential, making things like sockets and
} files work correctly. Another thing to be moved into the credential,
} then, is probably support for the various P_ flags relating to access
} control. This in the long run will mean that fewer cred structures can be
} shared, but I think that's survivable.

The only two obvious flags I see are P_JAILED and P_SUGID. The former
wouldn't hurt sharing, especially if p_prison is moved as well. I have
mixed feelings about moving the latter, since it really is private to a
process.

} BTW, was the NFS panic to do with changing the contents of struct ucred?
} I've noticed some odd stuff there -- a differentiation should definitely
} be made between internal credential handling in NFS, and the OS credential
} structure, as they contain potentially quite different things.

Not exactly -- nfs_statfs() allocates a temporary credential with crget()
and didn't fill in the uidinfo pointer, which it didn't know anything
about. When it called crfree(), crfree() called uifree(NULL), which went
BOOM. I added an extra test to crfree().

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
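The two design points in the exchange above, hanging the per-uid resource record off the credential so that a socket which outlives its creating process is still charged to the right uid, and the NULL test that a crfree() needs once a freshly crget()'d credential may carry no uidinfo at all, as an added C model. This is not FreeBSD's kernel code: the names ucred, uidinfo, crget, crfree and uifree follow the thread, but the struct layouts, the chgsbsize() charging routine, the 65536-byte limit and the scenario functions are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Per-uid resource record, referenced from credentials rather than from
 * processes (the arrangement the thread proposes; layout constructed here). */
struct uidinfo {
    unsigned ui_uid;
    int      ui_ref;      /* credentials that point at this record */
    long     ui_sbsize;   /* socket-buffer bytes charged to this uid */
};

/* Credential: reference counted, carries the uidinfo pointer. */
struct ucred {
    int             cr_ref;
    unsigned        cr_uid;
    struct uidinfo *cr_uidinfo;   /* NULL if the caller never filled it in */
};

/* Allocate a uid record with one reference (a real kernel hashes on uid;
 * here callers sharing a uid pass the same pointer explicitly). */
static struct uidinfo *uinew(unsigned uid)
{
    struct uidinfo *uip = calloc(1, sizeof *uip);
    if (uip == NULL) abort();
    uip->ui_uid = uid;
    uip->ui_ref = 1;
    return uip;
}

/* uifree() dereferences its argument unconditionally, as the one in the
 * thread evidently did: a NULL here is the caller's problem. */
static void uifree(struct uidinfo *uip)
{
    if (--uip->ui_ref == 0)
        free(uip);
}

/* crget(): one reference, no uidinfo, which is what nfs_statfs() held. */
static struct ucred *crget(void)
{
    struct ucred *cr = calloc(1, sizeof *cr);
    if (cr == NULL) abort();
    cr->cr_ref = 1;
    return cr;
}

static struct ucred *crhold(struct ucred *cr) { cr->cr_ref++; return cr; }

/* crfree() with the extra test the reply mentions: release the uidinfo
 * only when the credential actually carries one. */
static void crfree(struct ucred *cr)
{
    if (--cr->cr_ref > 0)
        return;
    if (cr->cr_uidinfo != NULL)       /* the added test */
        uifree(cr->cr_uidinfo);
    free(cr);
}

/* Charge (or refund, delta < 0) socket-buffer space through the credential,
 * not the process. Returns 1 on success, 0 if refused. (Constructed.) */
static int chgsbsize(struct ucred *cr, long delta, long limit)
{
    struct uidinfo *uip = cr->cr_uidinfo;
    if (uip == NULL) return 0;                    /* unaccounted credential */
    if (delta > 0 && uip->ui_sbsize + delta > limit) return 0;
    uip->ui_sbsize += delta;
    return 1;
}

/* A process creates a socket and exits; the socket keeps the credential, so
 * the refund on close still reaches the uid record. Returns the bytes left
 * charged after close (0 if everything balanced), -1 on an accounting error. */
long scenario_socket_outlives_process(void)
{
    struct uidinfo *uip = uinew(1001);
    struct ucred *pcred = crget();
    pcred->cr_uid = 1001;
    pcred->cr_uidinfo = uip;                 /* cred takes uinew()'s reference */
    struct ucred *socred = crhold(pcred);    /* socket references the cred */
    chgsbsize(socred, 4096, 65536);
    crfree(pcred);                           /* process exits; cred stays alive */
    long charged_after_exit = uip->ui_sbsize;
    chgsbsize(socred, -4096, 65536);         /* socket closed: refund */
    long remaining = uip->ui_sbsize;
    crfree(socred);                          /* last reference: uidinfo freed */
    return charged_after_exit == 4096 ? remaining : -1;
}

/* The nfs_statfs() pattern: crget() then crfree() with cr_uidinfo never set.
 * With the test in crfree() this returns 1 instead of dereferencing NULL. */
int scenario_temporary_cred(void)
{
    struct ucred *tmp = crget();
    crfree(tmp);
    return 1;
}

/* The limit is enforced per uid: a second charge that would exceed it is
 * refused and leaves the accounting unchanged. Returns 1 if so. */
int scenario_limit_enforced(void)
{
    struct ucred *cr = crget();
    cr->cr_uid = 1002;
    cr->cr_uidinfo = uinew(1002);
    int first  = chgsbsize(cr, 60000, 65536);   /* fits under the limit */
    int second = chgsbsize(cr, 10000, 65536);   /* would exceed: refused */
    long charged = cr->cr_uidinfo->ui_sbsize;
    crfree(cr);
    return first == 1 && second == 0 && charged == 60000;
}

int main(void)
{
    printf("socket outlives process, leftover sbsize: %ld\n",
           scenario_socket_outlives_process());
    printf("temporary cred freed safely: %d\n", scenario_temporary_cred());
    printf("limit enforced: %d\n", scenario_limit_enforced());
    return 0;
}
```

The point of the first scenario is that the charge and the refund both go through the credential the socket holds, so nothing needs to be looked up from a proc that may already be gone; the second scenario is the exact sequence that panicked before the NULL test was added to crfree().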