cvs commit: src/sys/sys msg.h sem.h shm.h
Alexander at Leidinger.net
Sat Nov 20 13:04:33 GMT 2004
On Fri, 19 Nov 2004 13:14:50 +0000 (GMT)
Robert Watson <rwatson at freebsd.org> wrote:
> - If you have multiple name spaces, it makes it hard for the administrator
> running outside the jail to track and manage IPC resources that are
> leaked in Jails. ipcs and ipcrm are written under the assumption of a
> single name space, and the whole management infrastructure and APIs
> there will become substantially more complicated if multiple name spaces
> exist. Especially given that the resource limits for System V IPC are
> both very concrete and global.
Are you talking about the userland API, or about the in-kernel API?
If you are talking about the userland API: wouldn't it be more easy if
we use the following constraints?
- The admin of the host has no direct access to the jails IPC, only an
admin in the jail can manage it (the host admin can use jexec to
- If a jail gets shut down, all IPC resources of this jail are removed.
The best things in life are free, but the
expensive ones are still worth a look.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
More information about the cvs-src