svn commit: r297935 - head/sys/kern

James Gritton jamie at freebsd.org
Thu Apr 14 00:03:49 UTC 2016


On 2016-04-13 17:45, Mateusz Guzik wrote:
> On Wed, Apr 13, 2016 at 08:14:13PM +0000, Jamie Gritton wrote:
>> Author: jamie
>> Date: Wed Apr 13 20:14:13 2016
>> New Revision: 297935
>> URL: https://svnweb.freebsd.org/changeset/base/297935
>> 
>> Log:
>>   Separate POSIX sem/shm objects in jails, by prepending the jail's path
>>   name to the object's "path".  While the objects don't have real path
>>   names, it's a filesystem-like namespace, which allows jails to be
>>   kept to their own space, but still allows the system / jail parent to
>>   access a jail's IPC.
>> 
> 
> What is the reasoning behind this method?

The reasoning is that even though the namespace isn't the actual 
filesystem, it's still a filesystem-like namespace, and that provides a 
good way to let the system communicate with jails if it so chooses (that 
can be useful) while still keeping jails separate from each other.

I assume the fact that sem/shm objects aren't actual vnodes is because 
it was much easier than making it work (especially in a world of 
multiple filesystems), and not because it was considered an actual 
desirable feature.

> Names are not supposed to contain slashes apart from the initial
> one, so this cuts into the supported length.

Actually, for sem/shm objects, multiple slashes are supported, so it 
looks like a virtual full pathname.  And the supported length is in fact 
MAXPATHLEN.

> If slashes were to be
> permitted, this would create a possible conflict where part of the name
> is the same as the path of a newly created jail.

Yes, there is that possible conflict.  But since these objects aren't 
actually in the filesystem, it's permissible to have one at "/jail" at 
the same time as having another at "/jail/foo/bar".

> The standard way would be to provide an entirely separate namespace, if
> requested, and keep things the same otherwise.

I would have done that had the namespace not already been essentially a 
poor man's filesystem.  But since the goal was obviously filesystem-ish 
if not the actual filesystem, the most natural way to specify the jail 
namespace is by using the jail path.

Note that the companion commit for the POSIX mqueue objects does in 
fact keep the jails totally separate.  That's because the mqueue objects 
are in fact limited to a single "component" (i.e. only one slash).  This 
is not a feature, but rather an implementation deficiency as evidenced 
by the code in uipc_mqueue.c that handles full paths but is wrapped in 
"#ifdef notyet".

- Jamie
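
The naming scheme discussed in this thread, as an added user-space model (not part of the e-mail and not FreeBSD's kernel code): the key an object is stored under is the caller's jail path followed by the name it passed. The names `ipc_key`, `same_object` and `MODEL_MAXPATHLEN`, the 1024 bound, and the jail paths are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAXPATHLEN 1024	/* assumed bound standing in for MAXPATHLEN */

/*
 * Model: key = caller's jail path + the name it passed. A jail path of
 * "/" means "not jailed": the name is used unchanged. Returns 0, EINVAL
 * (no leading slash) or ENAMETOOLONG (prefix + name exceeds the bound).
 */
int
ipc_key(const char *jail_path, const char *name, char *key, size_t keylen)
{
	const char *prefix = strcmp(jail_path, "/") == 0 ? "" : jail_path;
	int n;

	if (name[0] != '/')
		return (EINVAL);
	n = snprintf(key, keylen, "%s%s", prefix, name);
	if (n < 0 || (size_t)n >= keylen || n >= MODEL_MAXPATHLEN)
		return (ENAMETOOLONG);
	return (0);
}

/* 1 if both callers reach the same object, 0 if not, -1 on a bad name. */
int
same_object(const char *jail_a, const char *name_a,
    const char *jail_b, const char *name_b)
{
	char ka[MODEL_MAXPATHLEN], kb[MODEL_MAXPATHLEN];

	if (ipc_key(jail_a, name_a, ka, sizeof(ka)) != 0 ||
	    ipc_key(jail_b, name_b, kb, sizeof(kb)) != 0)
		return (-1);
	return (strcmp(ka, kb) == 0);
}

int
main(void)
{
	/* Constructed jail paths and object names. */
	printf("sibling jails, same name: %d\n",
	    same_object("/jails/a", "/sem0", "/jails/b", "/sem0"));
	printf("host opens jail's object: %d\n",
	    same_object("/", "/jails/a/sem0", "/jails/a", "/sem0"));
	printf("\"/jail\" beside \"/jail/foo/bar\": %d\n",
	    same_object("/", "/jail", "/jail", "/foo/bar"));
	return (0);
}
```

In this model a host-side name that already sits under a jail's path resolves to the same key as the jail's own object, which is both the parent-access property and the conflict raised in the thread.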

