From owner-cvs-src@FreeBSD.ORG Sat Nov 20 13:04:33 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
by hub.freebsd.org (Postfix) with ESMTP
id 912C116A4CE; Sat, 20 Nov 2004 13:04:33 +0000 (GMT)
Received: from mailout07.sul.t-online.com (mailout07.sul.t-online.com
[194.25.134.83]) by mx1.FreeBSD.org (Postfix) with ESMTP
id BF8FD43D31; Sat, 20 Nov 2004 13:04:32 +0000 (GMT)
(envelope-from Alexander@Leidinger.net)
Received: from fwd00.aul.t-online.de
by mailout07.sul.t-online.com with smtp
id 1CVUul-0003W9-01; Sat, 20 Nov 2004 14:04:31 +0100
Received: from Andro-Beta.Leidinger.net
(r31zjZZEQeltyZlD9DI0-Wq2WC5fHdiUoJevbzSzkeuuoH7jXiqkk0@[217.229.210.21]) by
fmrl00.sul.t-online.com
with esmtp id 1CVUuX-1dcOZ60; Sat, 20 Nov 2004 14:04:17 +0100
Received: from Magellan.Leidinger.net (Magellan.Leidinger.net [192.168.1.1])
iAKD4Apk006718; Sat, 20 Nov 2004 14:04:10 +0100 (CET)
(envelope-from Alexander@Leidinger.net)
Date: Sat, 20 Nov 2004 14:04:41 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Robert Watson <rwatson@freebsd.org>
Message-ID: <20041120140441.129f8a74@Magellan.Leidinger.net>
In-Reply-To: <Pine.NEB.3.96L.1041119131042.92822G-100000@fledge.watson.org>
References: <xzp8y8yhvrb.fsf@dwp.des.no>
<Pine.NEB.3.96L.1041119131042.92822G-100000@fledge.watson.org>
X-Mailer: Sylpheed-Claws 0.9.12b (GTK+ 1.2.10; i386-portbld-freebsd6.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-ID: r31zjZZEQeltyZlD9DI0-Wq2WC5fHdiUoJevbzSzkeuuoH7jXiqkk0@t-dialin.net
X-TOI-MSGID: 691c0dd4-8d9d-4b24-804c-445a09196aae
cc: Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= <des@des.no>
cc: src-committers@freebsd.org
cc: cvs-all@freebsd.org
cc: cvs-src@freebsd.org
Subject: Re: cvs commit: src/sys/sys msg.h sem.h shm.h
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Nov 2004 13:04:33 -0000
On Fri, 19 Nov 2004 13:14:50 +0000 (GMT)
Robert Watson <rwatson@freebsd.org> wrote:
> - If you have multiple name spaces, it makes it hard for the administrator
> running outside the jail to track and manage IPC resources that are
> leaked in Jails. ipcs and ipcrm are written under the assumption of a
> single name space, and the whole management infrastructure and APIs
> there will become substantially more complicated if multiple name spaces
> exist. Especially given that the resource limits for System V IPC are
> both very concrete and global.
Are you talking about the userland API, or about the in-kernel API?
If you are talking about the userland API: wouldn't it be more easy if
we use the following constraints?
- The admin of the host has no direct access to the jails IPC, only an
admin in the jail can manage it (the host admin can use jexec to
manage IPC).
- If a jail gets shut down, all IPC resources of this jail are removed.
Bye,
Alexander.
--
The best things in life are free, but the
expensive ones are still worth a look.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7