FreeBSD Mail Archives

Date:      Tue, 04 Apr 2006 07:55:50 -0400
From:      Michael Butler <imb@protected-networks.net>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject:   Re: new feature: private IPC for every jail
Message-ID:  <44325EC6.9090608@protected-networks.net>
In-Reply-To: <20060404124313.B76562@fledge.watson.org>
References:  <20060403003318.K947@ganymede.hub.org>	<20060403163220.F36756@fledge.watson.org>	<20060404100750.GG683@turion.vk2pj.dyndns.org>	<20060404112938.G76562@fledge.watson.org>	<20060404114107.GJ683@turion.vk2pj.dyndns.org> <20060404124313.B76562@fledge.watson.org>


[-- Attachment #1 --]
Robert Watson wrote:

> Would it make more sense to simply allocate ID's sequentially, and 
> simply not allow access to objects with a non-matching prison? ..

This depends on the expected size of the system-wide pool; sequential 
allocation invites sequential searches of the name/id-space when looking 
for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each 
jail descriptor thereby creating the list of things to deallocate on 
jail termination,

-- 
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
��
�0��0�̠10
	*�H��
0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net0
060207140146Z
110308140146Z0��10	UUS10	UMA10UMedford10U
Protected Networks10UMail client10UIain Michael Butler1)0'	*�H��
	imb@protected-networks.net0��0
	*�H��
��0�����F��٠�`n��z�,d&�I���J��1�\�h݄��$���K�kw!l@V|���/^p#��7�)��{�T9�ŭJw}�����wυ��A-��
>���P_�׆<S�a��a�2�P���kp���z0�v0	U00	`�H��B�0F	`�H��B
97Certificate issued by http://www.protected-networks.net0U)1�

�R�|��cD�t_*USB0��U#��0��TE��66��;�T�>��ͤ��0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net�	�\#į~b0%U0�imb@protected-networks.net0G	`�H��B:8http://www.protected-networks.net/Protected_Networks.crl0IUB0@0>�<�:�8http://www.protected-networks.net/Protected_Networks.crl0%U0�imb@protected-networks.net0U��0
	*�H��
��-ZeZ�$��	v�J֖D����"Gr(w�ʁjm�1���۬������d��C�3#s�1
gҦ#�4�%�8��:'�p��	�Y�đ/��&����s��}%�Ͳk��p#q���l�����"��N[X�`��V0�����xU���l����u����#Thkۆ��^62�����!������a)o�.������F��j�`��.�#��G�;D���J�m5�^]Y��Gn����3�,N�^S4��6o��4�#ҍ@:m �<�������� ��klm�}��b�5�V]d���[4��G�U�$�O�[���6��d�[���Ӡ������VK��G��=�`��5�6C&�4��C���Z�����Z��:����4{��%�s�^�/�N�$���G����"�B�T%i�>����,h��C�WF�=�/�M����"o�F�G�O���MS\��~��;�m�7I�]w/������o �Q���]�*�v&�	<0��0�̠10
	*�H��
0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net0
060207140146Z
110308140146Z0��10	UUS10	UMA10UMedford10U
Protected Networks10UMail client10UIain Michael Butler1)0'	*�H��
	imb@protected-networks.net0��0
	*�H��
��0�����F��٠�`n��z�,d&�I���J��1�\�h݄��$���K�kw!l@V|���/^p#��7�)��{�T9�ŭJw}�����wυ��A-��
>���P_�׆<S�a��a�2�P���kp���z0�v0	U00	`�H��B�0F	`�H��B
97Certificate issued by http://www.protected-networks.net0U)1�

�R�|��cD�t_*USB0��U#��0��TE��66��;�T�>��ͤ��0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net�	�\#į~b0%U0�imb@protected-networks.net0G	`�H��B:8http://www.protected-networks.net/Protected_Networks.crl0IUB0@0>�<�:�8http://www.protected-networks.net/Protected_Networks.crl0%U0�imb@protected-networks.net0U��0
	*�H��
��-ZeZ�$��	v�J֖D����"Gr(w�ʁjm�1���۬������d��C�3#s�1
gҦ#�4�%�8��:'�p��	�Y�đ/��&����s��}%�Ͳk��p#q���l�����"��N[X�`��V0�����xU���l����u����#Thkۆ��^62�����!������a)o�.������F��j�`��.�#��G�;D���J�m5�^]Y��Gn����3�,N�^S4��6o��4�#ҍ@:m �<�������� ��klm�}��b�5�V]d���[4��G�U�$�O�[���6��d�[���Ӡ������VK��G��=�`��5�6C&�4��C���Z�����Z��:����4{��%�s�^�/�N�$���G����"�B�T%i�>����,h��C�WF�=�/�M����"o�F�G�O���MS\��~��;�m�7I�]w/������o �Q���]�*�v&�	<1��0��0��0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net10	+��u0	*�H��
	1	*�H��
0	*�H��
	1
060404115550Z0#	*�H��
	1�Ŭ5r"0F�|��?���0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net10��*�H��
	1�Р��0��10	UUS10	UMA10UMedford10U
Protected Networks10UCertificate Authority110/U(Protected Networks Certificate Authority1)0'	*�H��
	imb@protected-networks.net10
	*�H��
��W*E"�w��!��Q�*��y�n���&���| ��ݩ�K���4{`��k�
��$�Ʒ���)ke��H���z�OR�>W����1	�)𼤙Bvڽ^�n�v�,��1��yʜ,�}����(2�'

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44325EC6.9090608>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation