jail extensions

[Robert Watson]

On Wed, 7 Jun 2006, Brooks Davis wrote:

> It's not clear to me that we want to use the same containers to control all 
> resouces since you might want a set of jails sharing IPC resources or being 
> allocated a slice of processor time to divide amongst them selves if we had 
> a hierarchical scheduler.  That said, using a single prison structure could 
> do this if we allowed the administrator to specifiy a hierarchy of prisons 
> and not necessicairly enclose all resources in all prisons.

When looking at improved virtualization support for things like System V IPC, 
my opinion has generally been that we introduce virtualization as a primitive, 
and then have jail use the primitive much in the same way it does chroot. 
This leaves flexibility to use it without jail, etc, but means we have a 
well-understood and well-defined interaction with jail.

Robert N M Watson