Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 04 Apr 2006 07:55:50 -0400
From:      Michael Butler <imb@protected-networks.net>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject:   Re: new feature: private IPC for every jail
Message-ID:  <44325EC6.9090608@protected-networks.net>
In-Reply-To: <20060404124313.B76562@fledge.watson.org>
References:  <20060403003318.K947@ganymede.hub.org>	<20060403163220.F36756@fledge.watson.org>	<20060404100750.GG683@turion.vk2pj.dyndns.org>	<20060404112938.G76562@fledge.watson.org>	<20060404114107.GJ683@turion.vk2pj.dyndns.org> <20060404124313.B76562@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format.

--------------ms030900080501040703080208
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Robert Watson wrote:

> Would it make more sense to simply allocate ID's sequentially, and 
> simply not allow access to objects with a non-matching prison? ..

This depends on the expected size of the system-wide pool; sequential 
allocation invites sequential searches of the name/id-space when looking 
for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each 
jail descriptor thereby creating the list of things to deallocate on 
jail termination,

-- 
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net

--------------ms030900080501040703080208
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIN0DCC
BuQwggTMoAMCAQICATEwDQYJKoZIhvcNAQEFBQAwgccxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJNQTEQMA4GA1UEBxMHTWVkZm9yZDEbMBkGA1UEChMSUHJvdGVjdGVkIE5ldHdvcmtzMR4w
HAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMTKFByb3RlY3RlZCBOZXR3
b3JrcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmltYkBwcm90ZWN0
ZWQtbmV0d29ya3MubmV0MB4XDTA2MDIwNzE0MDE0NloXDTExMDMwODE0MDE0NlowgagxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4GA1UEBxMHTWVkZm9yZDEbMBkGA1UEChMSUHJv
dGVjdGVkIE5ldHdvcmtzMRQwEgYDVQQLEwtNYWlsIGNsaWVudDEcMBoGA1UEAxMTSWFpbiBN
aWNoYWVsIEJ1dGxlcjEpMCcGCSqGSIb3DQEJARYaaW1iQHByb3RlY3RlZC1uZXR3b3Jrcy5u
ZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJGiIrZoBOaYG7p44h64oIsBmQmi0n4
vfRKAdQY1TGGXAWWAWjdhJDUJJCLrkv2a3chbEBWfKOr+n8vHV5wI5fHN7Yp+9R7wVQ5Hb/F
rUp3fZPRx83rd8+FvrtBLcfKDT7J8cIaUF+I14YTPFMSf6thm55hrjLIUB2FlPFrcH/7AgMB
AAGjggJ6MIICdjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDBGBglghkgBhvhCAQ0E
ORY3Q2VydGlmaWNhdGUgaXNzdWVkIGJ5IGh0dHA6Ly93d3cucHJvdGVjdGVkLW5ldHdvcmtz
Lm5ldDAdBgNVHQ4EFgQUKTHICg24Uox83sZjRL50XypVU0IwgfwGA1UdIwSB9DCB8YAUVEXu
oZyg4TYTDDa5wzviGlSDFj6hgc2kgcowgccxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQ
MA4GA1UEBxMHTWVkZm9yZDEbMBkGA1UEChMSUHJvdGVjdGVkIE5ldHdvcmtzMR4wHAYDVQQL
ExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMTKFByb3RlY3RlZCBOZXR3b3JrcyBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmltYkBwcm90ZWN0ZWQtbmV0
d29ya3MubmV0ggkAzFwjxK9/fmIwJQYDVR0SBB4wHIEaaW1iQHByb3RlY3RlZC1uZXR3b3Jr
cy5uZXQwRwYJYIZIAYb4QgEEBDoWOGh0dHA6Ly93d3cucHJvdGVjdGVkLW5ldHdvcmtzLm5l
dC9Qcm90ZWN0ZWRfTmV0d29ya3MuY3JsMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly93d3cu
cHJvdGVjdGVkLW5ldHdvcmtzLm5ldC9Qcm90ZWN0ZWRfTmV0d29ya3MuY3JsMCUGA1UdEQQe
MByBGmltYkBwcm90ZWN0ZWQtbmV0d29ya3MubmV0MA4GA1UdDwEB/wQEAwIF4DANBgkqhkiG
9w0BAQUFAAOCAgEAlS1aZVoA0yQSiK8Jds1K1pZE7dvE6yJHcih3tMqBah5tzTHMDBoeuu7b
rJ6lEbYM6r/y1WSJ+0PtMyMac/QxAw1nEtKmECOcNMUlwjiazDonHKNw/BjyCcZZ18SRL63p
Jr209xa6c93PfSUFkM2ya8TfHnAjcfcR8NNsr53I6g/jItLqTltY56xglP8OVjDf7fXpzXhV
8w66pmye0tTldcTE95YjVGhr24aM5l42Mp6wveHQIaO9nALa5p3ujqMX72EpCG/phC7dy/2g
xdhG7epqtWCEsC7XI4CrBke/fx4TO0T5tLhKGLFtNeqHXl3CjFnxGv9HAm6vutDpM90sTs5e
F1M04tM2b7asNKAj0o1AOm0TIPk8obIOnu/8ifbOIOax8WtsbaR9wbpi5JU10FZdZPYfx91b
NMztR/1ViCTsvAxPkluU3/I2EPjQZKpbwu7h06D+FH++9aStylZL0N9Hyf09EsYfYL3LGzWn
NkMmmzSRHYtD8dHHWpby9OLsWtvKOqG7nrE0e5QZ8CWmc8xeAa4vGQDRTqkk3ALwiUeI/LG7
IoBCqVQXJWnTPtD2wcssG2j9phlDBa5XRo49yC/MTYOHmuAib/oORtsMR49Pv4/wTVNcwvZ+
iY473W36N0mfXXcEL7GD2OPzl89vIBLeUeP5gl3sKoV2JqYJBzwwggbkMIIEzKADAgECAgEx
MA0GCSqGSIb3DQEBBQUAMIHHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEDAOBgNVBAcT
B01lZGZvcmQxGzAZBgNVBAoTElByb3RlY3RlZCBOZXR3b3JrczEeMBwGA1UECxMVQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MTEwLwYDVQQDEyhQcm90ZWN0ZWQgTmV0d29ya3MgQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhppbWJAcHJvdGVjdGVkLW5ldHdvcmtzLm5l
dDAeFw0wNjAyMDcxNDAxNDZaFw0xMTAzMDgxNDAxNDZaMIGoMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCTUExEDAOBgNVBAcTB01lZGZvcmQxGzAZBgNVBAoTElByb3RlY3RlZCBOZXR3b3Jr
czEUMBIGA1UECxMLTWFpbCBjbGllbnQxHDAaBgNVBAMTE0lhaW4gTWljaGFlbCBCdXRsZXIx
KTAnBgkqhkiG9w0BCQEWGmltYkBwcm90ZWN0ZWQtbmV0d29ya3MubmV0MIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQCyRoiK2aATmmBu6eOIeuKCLAZkJotJ+L30SgHUGNUxhlwFlgFo
3YSQ1CSQi65L9mt3IWxAVnyjq/p/Lx1ecCOXxze2KfvUe8FUOR2/xa1Kd32T0cfN63fPhb67
QS3Hyg0+yfHCGlBfiNeGEzxTEn+rYZueYa4yyFAdhZTxa3B/+wIDAQABo4ICejCCAnYwCQYD
VR0TBAIwADARBglghkgBhvhCAQEEBAMCBLAwRgYJYIZIAYb4QgENBDkWN0NlcnRpZmljYXRl
IGlzc3VlZCBieSBodHRwOi8vd3d3LnByb3RlY3RlZC1uZXR3b3Jrcy5uZXQwHQYDVR0OBBYE
FCkxyAoNuFKMfN7GY0S+dF8qVVNCMIH8BgNVHSMEgfQwgfGAFFRF7qGcoOE2Eww2ucM74hpU
gxY+oYHNpIHKMIHHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEDAOBgNVBAcTB01lZGZv
cmQxGzAZBgNVBAoTElByb3RlY3RlZCBOZXR3b3JrczEeMBwGA1UECxMVQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MTEwLwYDVQQDEyhQcm90ZWN0ZWQgTmV0d29ya3MgQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhppbWJAcHJvdGVjdGVkLW5ldHdvcmtzLm5ldIIJAMxc
I8Svf35iMCUGA1UdEgQeMByBGmltYkBwcm90ZWN0ZWQtbmV0d29ya3MubmV0MEcGCWCGSAGG
+EIBBAQ6FjhodHRwOi8vd3d3LnByb3RlY3RlZC1uZXR3b3Jrcy5uZXQvUHJvdGVjdGVkX05l
dHdvcmtzLmNybDBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vd3d3LnByb3RlY3RlZC1uZXR3
b3Jrcy5uZXQvUHJvdGVjdGVkX05ldHdvcmtzLmNybDAlBgNVHREEHjAcgRppbWJAcHJvdGVj
dGVkLW5ldHdvcmtzLm5ldDAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggIBAJUt
WmVaANMkEoivCXbNStaWRO3bxOsiR3Iod7TKgWoebc0xzAwaHrru26yepRG2DOq/8tVkiftD
7TMjGnP0MQMNZxLSphAjnDTFJcI4msw6JxyjcPwY8gnGWdfEkS+t6Sa9tPcWunPdz30lBZDN
smvE3x5wI3H3EfDTbK+dyOoP4yLS6k5bWOesYJT/DlYw3+316c14VfMOuqZsntLU5XXExPeW
I1Roa9uGjOZeNjKesL3h0CGjvZwC2uad7o6jF+9hKQhv6YQu3cv9oMXYRu3qarVghLAu1yOA
qwZHv38eEztE+bS4ShixbTXqh15dwoxZ8Rr/RwJur7rQ6TPdLE7OXhdTNOLTNm+2rDSgI9KN
QDptEyD5PKGyDp7v/In2ziDmsfFrbG2kfcG6YuSVNdBWXWT2H8fdWzTM7Uf9VYgk7LwMT5Jb
lN/yNhD40GSqW8Lu4dOg/hR/vvWkrcpWS9DfR8n9PRLGH2C9yxs1pzZDJps0kR2LQ/HRx1qW
8vTi7Frbyjqhu56xNHuUGfAlpnPMXgGuLxkA0U6pJNwC8IlHiPyxuyKAQqlUFyVp0z7Q9sHL
LBto/aYZQwWuV0aOPcgvzE2Dh5rgIm/6DkbbDEePT7+P8E1TXML2fomOO91t+jdJn113BC+x
g9jj85fPbyAS3lHj+YJd7CqFdiamCQc8MYID7TCCA+kCAQEwgc0wgccxCzAJBgNVBAYTAlVT
MQswCQYDVQQIEwJNQTEQMA4GA1UEBxMHTWVkZm9yZDEbMBkGA1UEChMSUHJvdGVjdGVkIE5l
dHdvcmtzMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMTKFByb3Rl
Y3RlZCBOZXR3b3JrcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmlt
YkBwcm90ZWN0ZWQtbmV0d29ya3MubmV0AgExMAkGBSsOAwIaBQCgggJ1MBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA2MDQwNDExNTU1MFowIwYJKoZIhvcN
AQkEMRYEFM1/xaw1ciIwRgPNfNMWsj/pBNjpMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIHeBgkrBgEEAYI3EAQxgdAwgc0wgccxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQ
MA4GA1UEBxMHTWVkZm9yZDEbMBkGA1UEChMSUHJvdGVjdGVkIE5ldHdvcmtzMR4wHAYDVQQL
ExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMTKFByb3RlY3RlZCBOZXR3b3JrcyBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmltYkBwcm90ZWN0ZWQtbmV0
d29ya3MubmV0AgExMIHgBgsqhkiG9w0BCRACCzGB0KCBzTCBxzELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAk1BMRAwDgYDVQQHEwdNZWRmb3JkMRswGQYDVQQKExJQcm90ZWN0ZWQgTmV0d29y
a3MxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAxMoUHJvdGVjdGVk
IE5ldHdvcmtzIENlcnRpZmljYXRlIEF1dGhvcml0eTEpMCcGCSqGSIb3DQEJARYaaW1iQHBy
b3RlY3RlZC1uZXR3b3Jrcy5uZXQCATEwDQYJKoZIhvcNAQEBBQAEgYAYHAZXKkUiu3e78CH7
y1HsrxIqDKLweZEbbqT8yiYfjICefCCJFebdqY8US5fy0zR7YBmL42vMCo7BJKvGt9b07Slr
ZZz8SAa9uZZ6809Spj5Xzunu6TEJnCnwvKSZQnbavV6Vbqt2lywYi9IGGTHp+HnKnCzwfYeR
j9cRKDLsJwAAAAAAAA==
--------------ms030900080501040703080208--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44325EC6.9090608>