Date: Wed, 9 Apr 2003 18:41:03 -0400 (EDT)
From: Robert Watson
To: Pawel Jakub Dawidek
In-Reply-To: <20030409142231.GX1280@garage.freebsd.pl>
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: Mike Barcroft
Subject: Re: cvs commit: src/usr.bin/killall killall.1 killall.c src/usr.sbin Makefile src/usr.sbin/jail jail.8 jail.c src/usr.sbin/jexec Makefile jexec.8 jexec.c src/usr.sbin/jls Makefile jls.8 jls.c

On Wed, 9 Apr 2003, Pawel Jakub Dawidek wrote:

> Nice work!! Global list with all prisons was really needed.
>
> But IMHO JID should be a string, not a number. For example we're running
> many jails at startup or somewhere else and because JID is set dynamically
> there could be problems in writing scripts to handle jails (attaching
> processes to it or something). As we can see on your example, we aren't
> able to find out which jail was run first (looking at PIDs isn't a good
> idea:)). If JID will be a string there will be no such problems.
>
> What do you think?

Hmm. In the jailNG patches, I used a string name for each jail, for
pretty much that reason: jid values are meaningless, but
administrator-provided jail names can be quite a bit more useful. I would
not be opposed to that direction at all, although it's worth noting that
Mike managed to maintain the current ABI and API for jail() with the
current model.

One of the issues with user-provided names, if you adopt the hierarchal
jail changes you posted, is how to control the namespace. Since jail id's
have no real meaning themselves, no one really cares which jail gets jid
2038201. With a jail name, you might care about issues such as name
spoofing, etc.

One of the problems that jid's do have, and it's related, is the race
condition issue present for pids: better not get the wrong jail in the
same way we can currently get the wrong process.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories