From: Pawel Jakub Dawidek
To: Dmitry Sivachenko
Cc: freebsd-arch@freebsd.org
Date: Wed, 25 Jun 2003 17:31:53 +0200
Subject: Re: Jailed sysvipc implementation.

On Wed, Jun 25, 2003 at 07:21:19PM +0400, Dmitry Sivachenko wrote:
+> > +> > But you got still *one* memory zones for every jail and main host.
+> > +>
+> > +> Yes, that is exactly what I want.
+> > +> This is similar to separate IP stack for each jail: this is more powerful
+> > +> solution, but more expensive (uses more kernel memory).
+> >
+> > But note that my implementation allocates memory "on demand".
+>
+> This is part of the problem: with single memory zone for all jails,
+> less memory is allocated. With private memory zones, if m jails use IPC,
+> you need to allocate m*M kbytes (for some value of M you consider
+> sufficient for one jail).
+>
+> With one memory zone for all jails, it is enough to allocate N kbytes where
+> M < N < m*M, because every jail will not use all M kbytes at the same time.

Of course, but please. We could start wondering if struct prison in every
ucred struct doesn't consume too much memory. Of course we allocate more memory,
but if we want to run for example two instances of postgresql in two different
jails?

But ok, it will be a good compromise to add sysctl security.jail.privipc IMHO.
So we could turn this feature on if it is needed.
What is your opinion?

--
Pawel Jakub Dawidek pawel@dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am!
http://cerber.sourceforge.net