From owner-freebsd-doc Fri Jun 7 6:30:19 2002
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8E09237B404 for ; Fri, 7 Jun 2002 06:30:01 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g57DU1k06339; Fri, 7 Jun 2002 06:30:01 -0700 (PDT) (envelope-from gnats)
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117]) by hub.freebsd.org (Postfix) with ESMTP id 55DCA37B405 for ; Fri, 7 Jun 2002 06:21:36 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1]) by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g57DLZhG099890 for ; Fri, 7 Jun 2002 06:21:35 -0700 (PDT) (envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost) by www.freebsd.org (8.12.2/8.12.2/Submit) id g57DLZ9r099889; Fri, 7 Jun 2002 06:21:35 -0700 (PDT)
Message-Id: <200206071321.g57DLZ9r099889@www.freebsd.org>
Date: Fri, 7 Jun 2002 06:21:35 -0700 (PDT)
From: Sergey Lyubka
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: docs/38982: developers-hanbook/Jail fix
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 38982
>Category: docs
>Synopsis: developers-hanbook/Jail fix
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 07 06:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Sergey Lyubka
>Release: FreeBSD4.6-RC
>Organization: Asita Technologies Int.
>Environment:
FreeBSD yoda.asitatech.ie 4.6-RC FreeBSD 4.6-RC #7: Thu May 23 15:08:05 GMT 2002 root@yoda.asitatech.ie:/usr/obj/usr/src/sys/DEVNULL i386
>Description:
few inaccuracies found
>How-To-Repeat:
>Fix:
--- chapter.sgml.orig Wed Jun 5 15:32:23 2002 +++ chapter.sgml Wed Jun 5 15:32:06 2002 @@ -302,8 +302,11 @@ structures, &man.fork.2; checks if the structure p->p_prison is filled on p2. If it is, it increments the - pr.ref by one, and sets the - p_flag to one on the child process. + pr.ref by one, and sets P_JAILED flag in + p_flag node. The prison structure, + pr, is referenced by all the processes in a same + jail, so reference counter should be incremented after every new + process has been forked, and decremented after process' exit. /usr/src/sys/kern/kern_fork.c: if (p2->p_prison) { 
@@ -330,8 +333,10 @@ SysV IPC System V IPC is based on messages. Processes can send each - other these messages which tell them how to act. The functions - which deal with messages are: msgsys, + other these messages which tell them how to act. Actually, the + messages are sent and received from a special memory area, + called message queue. Message queue resides in kernel address space. + The functions which deal with messages are: msgsys, msgctl, msgget, msgsend and msgrcv. Earlier, I mentioned that there were certain sysctls you could @@ -340,23 +345,31 @@ most systems, this sysctl is set to 0. If it were set to 1, it would defeat the whole purpose of having a jail; privleged users from within the jail would be able to affect processes - outside of the environment. The difference between a message - and a signal is that the message only consists of the signal + outside of the environment. + + /usr/src/sys/kern/sysv_msg.c: &man.msgget.3;: msgget returns (and possibly - creates) a message descriptor that designates a message queue + creates) a message queue descriptor that designates a message queue for use in other system calls. &man.msgctl.3;: Using this function, a process - can query the status of a message - descriptor. + can query the status of a message queue. &man.msgsnd.3;: msgsnd sends a message to a - process. + message queue. &man.msgrcv.3;: a process receives messages using this function 
@@ -489,7 +502,8 @@ network layer 2. There are certain precautions which are taken in order to prevent a jailed process from binding a protocol to a certain port only if the nam - parameter is set. nam is a pointer to a sockaddr structure, + parameter is set when calling pcbind function. + nam is a pointer to a sockaddr structure, which describes the address on which to bind the service. A more exact definition is that sockaddr "may be used as a template for reffering to the identifying tag and length of
>Release-Note:
>Audit-Trail:
>Unformatted:
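Review bot: in the first hunk (@@ -302,8 +302,11 @@) the added sentence has two wording slips: "referenced by all the processes in a same jail" should be "in the same jail", and "sets P_JAILED flag in p_flag node" should be "sets the P_JAILED flag in p_flag" (p_flag is a field of the process structure, not a node). The added explanation of why pr.ref is a reference count that must be incremented on every fork and decremented on exit is useful and worth keeping; make sure P_JAILED, pr.ref and p_flag carry the same markup the chapter already uses for kernel identifiers such as p->p_prison so they render consistently with the surrounding text.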
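Review bot: in the SysV IPC hunk (@@ -330,8 +333,10 @@) the inserted sentences "Actually, the messages are sent and received from a special memory area, called message queue. Message queue resides in kernel address space." are conversational and drop the articles; suggest "Messages are sent to and received from a message queue, a data structure that lives in kernel address space." The point that the queue is a kernel object shared between processes, rather than memory belonging to any one process, is exactly what makes the jail-related sysctl discussed in the following paragraph matter, so it is worth stating that connection in one clause.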
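Review bot: in the hunk at @@ -340,23 +345,31 @@ the new msgget text "returns (and possibly creates) a message queue descriptor that designates a message queue" says the same thing twice; "returns (and possibly creates) a message queue identifier" is shorter and is the usual term. Dropping the unfinished comparison "The difference between a message and a signal is that the message only consists of the signal" is the right call, but it leaves "/usr/src/sys/kern/sysv_msg.c:" standing alone after a bare blank line with nothing introducing it; a short lead-in such as "The relevant code is in" before the file reference would keep the paragraph readable. The msgctl, msgsnd and msgrcv corrections (queue rather than descriptor or process) are accurate.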
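Review bot: in the last hunk (@@ -489,7 +502,8 @@) "when calling pcbind function" needs an article ("the pcbind function") and, more importantly, "pcbind" is not a complete kernel function name, so a reader cannot find it in the sources; give the full name and the file it lives in the way the first hunk cites /usr/src/sys/kern/kern_fork.c (if the function meant is in_pcbbind() in sys/netinet/in_pcb.c, say so). The sentence this hunk touches, "prevent a jailed process from binding a protocol to a certain port only if the nam parameter is set", is also ambiguous as to whether the precaution or the binding is what depends on nam being set; since the line is already being changed, reword it to say that the check is applied only when nam is set. The unchanged context line still carries the typo "reffering" (referring).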