From: Michael Butler
Date: Tue, 04 Apr 2006 07:55:50 -0400
To: Robert Watson
Cc: Peter Jeremy, freebsd-current@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject: Re: new feature: private IPC for every jail
Message-ID: <44325EC6.9090608@protected-networks.net>

Robert Watson wrote:
> Would it make more sense to simply allocate ID's sequentially, and
> simply not allow access to objects with a non-matching prison? ..

This depends on the expected size of the system-wide pool; sequential allocation invites sequential searches of the name/id-space when looking for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each jail descriptor thereby creating the list of things to deallocate on jail termination,

--
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net
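An added example (not code from FreeBSD or from either poster) of the two ideas in this exchange: ids come sequentially from one system-wide pool and access is refused on a non-matching prison, while each jail descriptor heads a linked list of the ids it owns so that termination frees them without scanning the pool. The names `ipc_obj`, `jail_desc`, `ipc_alloc`, `ipc_access`, `jail_teardown` and the pool size are assumptions made for illustration.

```c
#include <stdio.h>
#define NIDS 8                 /* constructed size of the system-wide pool */

struct ipc_obj {               /* one slot in the system-wide id space */
    int in_use;
    int prison;                /* id of the owning jail */
    int next;                  /* next id owned by the same jail, -1 = end */
};
struct jail_desc {             /* hypothetical jail descriptor */
    int id;
    int head;                  /* first IPC id this jail owns, -1 = none */
};
static struct ipc_obj pool[NIDS];

/* Sequential allocation; the new id is linked onto the jail's own list. */
int ipc_alloc(struct jail_desc *j)
{
    for (int i = 0; i < NIDS; i++) {
        if (pool[i].in_use)
            continue;
        pool[i] = (struct ipc_obj){ 1, j->id, j->head };
        j->head = i;
        return i;
    }
    return -1;                 /* pool exhausted */
}

/* Access is refused unless the object's prison matches the caller's. */
int ipc_access(const struct jail_desc *j, int id)
{
    return id >= 0 && id < NIDS && pool[id].in_use && pool[id].prison == j->id;
}

/* Jail termination: walk only this jail's list, never the whole pool. */
int jail_teardown(struct jail_desc *j)
{
    int freed = 0;
    for (int i = j->head; i != -1; i = pool[i].next, freed++)
        pool[i].in_use = 0;
    j->head = -1;
    return freed;
}

int main(void)
{
    struct jail_desc a = { 1, -1 };
    ipc_alloc(&a); ipc_alloc(&a);
    printf("freed %d ids\n", jail_teardown(&a));
    return 0;
}
```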