new feature: private IPC for every jail
Marc G. Fournier
scrappy at hub.org
Mon Apr 3 19:07:13 UTC 2006
On Mon, 3 Apr 2006, Robert Watson wrote:
> So the question is this: if you load System V IPC support after you
> start a jail, how do we handle jails that have already started? Do we go
> out and create new name spaces for jails already started (a problem for
> method (1), because it implies System V IPC will have pretty intimate
> knowledge of jails, and know how to walk lists, etc), do we deny access
> to System V IPC for jails not present when it was loaded? Likewise,
> although we tend to refer to the different IPC mechanisms as in a single
> category, System V IPC, there are actually three name spaces, and the
> functionality for each can be loaded separately.
Stupid question, but why does a namespace need to be created prior to a
process in the jail needing it? "if jail requests IPC, and IPC is loaded,
then create namespace at that point" ... ?
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org Yahoo!: yscrappy ICQ: 7615664