cvs commit: src/sys/sys msg.h sem.h shm.h

Alexander Leidinger Alexander at
Sat Nov 20 13:04:33 GMT 2004

On Fri, 19 Nov 2004 13:14:50 +0000 (GMT)
Robert Watson <rwatson at> wrote:

> - If you have multiple name spaces, it makes it hard for the administrator
>   running outside the jail to track and manage IPC resources that are
>   leaked in Jails.  ipcs and ipcrm are written under the assumption of a
>   single name space, and the whole management infrastructure and APIs
>   there will become substantially more complicated if multiple name spaces
>   exist.  Especially given that the resource limits for System V IPC are
>   both very concrete and global.

Are you talking about the userland API, or about the in-kernel API?

If you are talking about the userland API: wouldn't it be more easy if
we use the following constraints?
 - The admin of the host has no direct access to the jails IPC, only an 
   admin in the jail can manage it (the host admin can use jexec to  
   manage IPC).
 - If a jail gets shut down, all IPC resources of this jail are removed.


              The best things in life are free, but the
                expensive ones are still worth a look.                       Alexander @
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7

More information about the cvs-src mailing list