UNIX domain sockets on nullfs still broken?
Robert N. M. Watson
rwatson at freebsd.org
Thu Dec 10 11:59:12 UTC 2009
On 10 Dec 2009, at 09:59, Ivan Voras wrote:
> You have a point there. I was actually thinking more of sysvshm -
> which doesn't have anything to do with any of the issues here - but
> has some of the same properties (and is also used by databases - e.g.
> postgresql, which I'm using daily so it sort of cross-linked). The
> reason I'd like the nullfs barrier kept is that it (like shm) is used
> for IPC, and in this case, IPC across different jails (though a file
> system itself also be used so...). It's not a big issue - I'll also
> accept that it's the operator's fault if he doesn't know sharing file
> systems will also share sockets and fifos on it...
Yeah, what this really comes down to is IPC namespaces. We have a lot, and they have different properties, unfortunately, leading to different interactions with Jail, which is largely about namespace subsetting. Very little is about IPC "between" jails, but rather, whether the IPC namespace supported easy subsetting/virtualization. In the new vimage world order, it should now be "easy" to virtualize all of the remaining IPC namespaces (small matter of code).
More information about the freebsd-hackers