new feature: private IPC for every jail
Michael Butler imb at protected-networks.net
Tue Apr 4 11:56:01 UTC 2006

Robert Watson wrote:
> Would it make more sense to simply allocate ID's sequentially, and 
> simply not allow access to objects with a non-matching prison? ..
This depends on the expected size of the system-wide pool; sequential 
allocation invites sequential searches of the name/id-space when looking 
for items any individual jail-id "owns".
However, what would work is a linked list of associated ids from each 
jail descriptor thereby creating the list of things to deallocate on 
jail termination,
-- 
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net
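
The two ideas in this exchange, as an added example that is not part of the original message and is not FreeBSD's code: ids are allocated sequentially from one pool and access is refused on a prison mismatch, while each jail descriptor keeps a linked list of the ids it owns so termination frees them without scanning the pool. The names ipc_obj, owned_id, jail_desc, POOL_SIZE and the three functions are hypothetical.

```c
#include <stdlib.h>

#define POOL_SIZE 64  /* assumed size of the system-wide id space */

struct ipc_obj { int in_use; int owner_jid; };       /* one pool slot */
struct owned_id { int id; struct owned_id *next; };  /* per-jail list node */
struct jail_desc { int jid; struct owned_id *ids; }; /* hypothetical descriptor */

static struct ipc_obj pool[POOL_SIZE];

/* Allocate the next free id sequentially and link it to the owning jail. */
int ipc_alloc(struct jail_desc *j)
{
    for (int id = 0; id < POOL_SIZE; id++) {
        if (pool[id].in_use)
            continue;
        struct owned_id *n = malloc(sizeof(*n));
        if (n == NULL)
            return -1;
        pool[id].in_use = 1;
        pool[id].owner_jid = j->jid;
        n->id = id;
        n->next = j->ids;
        j->ids = n;
        return id;
    }
    return -1; /* pool exhausted */
}

/* Access check: the object must exist and belong to the caller's jail. */
int ipc_can_access(const struct jail_desc *j, int id)
{
    return id >= 0 && id < POOL_SIZE && pool[id].in_use &&
        pool[id].owner_jid == j->jid;
}

/* Jail termination: walk only this jail's list, never the whole pool. */
int jail_release_ipc(struct jail_desc *j)
{
    int freed = 0;
    while (j->ids != NULL) {
        struct owned_id *n = j->ids;
        j->ids = n->next;
        pool[n->id].in_use = 0;
        free(n);
        freed++;
    }
    return freed;
}
```

Because freed slots are handed out again, the ownership check has to run on every access: an id a terminated jail once held may now belong to another jail.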
    
    
More information about the freebsd-current mailing list