Date: Tue, 04 Apr 2006 07:55:50 -0400
From: Michael Butler <imb@protected-networks.net>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject: Re: new feature: private IPC for every jail
Message-ID: <44325EC6.9090608@protected-networks.net>
In-Reply-To: <20060404124313.B76562@fledge.watson.org>
References: <20060403003318.K947@ganymede.hub.org> <20060403163220.F36756@fledge.watson.org> <20060404100750.GG683@turion.vk2pj.dyndns.org> <20060404112938.G76562@fledge.watson.org> <20060404114107.GJ683@turion.vk2pj.dyndns.org> <20060404124313.B76562@fledge.watson.org>

Robert Watson wrote:
> Would it make more sense to simply allocate ID's sequentially, and
> simply not allow access to objects with a non-matching prison?
..

This depends on the expected size of the system-wide pool; sequential
allocation invites sequential searches of the name/id-space when looking
for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each
jail descriptor thereby creating the list of things to deallocate on
jail termination,

--
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net
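
The design discussed in this message, as an added example that is not part of the original e-mail and not FreeBSD kernel code: a userland C model combining sequential ID allocation, a prison-match access check, and a per-jail linked list so teardown walks only what the jail owns. All names (`ipc_obj`, `jail_desc`, `ipc_alloc`, `ipc_lookup`, `jail_teardown`, `POOL_SIZE`) are hypothetical.

```c
/* Userland model only; every name here is hypothetical, not FreeBSD code. */
#include <stddef.h>

#define POOL_SIZE 64                /* constructed system-wide pool size */

struct ipc_obj {
    int in_use;
    int owner_jid;                  /* jail that created the object */
    struct ipc_obj *next_owned;     /* next object owned by the same jail */
};

struct jail_desc {
    int jid;
    struct ipc_obj *owned;          /* head of this jail's object list */
};

static struct ipc_obj pool[POOL_SIZE];

/* Allocate the lowest free id (sequential) and link it to its jail. */
int ipc_alloc(struct jail_desc *j) {
    for (int id = 0; id < POOL_SIZE; id++) {
        struct ipc_obj *o = &pool[id];
        if (o->in_use)
            continue;
        o->in_use = 1;
        o->owner_jid = j->jid;
        o->next_owned = j->owned;   /* push onto the jail's list */
        j->owned = o;
        return id;
    }
    return -1;                      /* pool exhausted */
}

/* Access check: refuse any object whose prison does not match. */
struct ipc_obj *ipc_lookup(const struct jail_desc *j, int id) {
    if (id < 0 || id >= POOL_SIZE)
        return NULL;
    struct ipc_obj *o = &pool[id];
    return (o->in_use && o->owner_jid == j->jid) ? o : NULL;
}

/* Jail termination: walk only this jail's list, never the whole pool. */
int jail_teardown(struct jail_desc *j) {
    int freed = 0;
    while (j->owned != NULL) {
        struct ipc_obj *o = j->owned;
        j->owned = o->next_owned;
        o->in_use = 0;
        o->next_owned = NULL;
        freed++;
    }
    return freed;
}
```

Because IDs are handed out sequentially they are guessable across jails, so isolation rests entirely on the ownership check in `ipc_lookup`, and freed IDs are reused by the next allocator regardless of jail.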
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44325EC6.9090608>