From owner-freebsd-jail@FreeBSD.ORG Fri Jun 5 22:24:37 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 92272459 for ; Fri, 5 Jun 2015 22:24:37 +0000 (UTC) (envelope-from kikuchan@uranus.dti.ne.jp) Received: from smtp01.cm.dti.ne.jp (smtp.ipv6.cm.dream.jp [IPv6:2001:2e8:702::236:70:47]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 58DAF1342 for ; Fri, 5 Jun 2015 22:24:36 +0000 (UTC) (envelope-from kikuchan@uranus.dti.ne.jp) Received: from mail-yk0-f178.google.com (mail-yk0-f178.google.com [209.85.160.178]) by smtp01.cm.dti.ne.jp (3.11s) with ESMTP AUTH id t55MOMvp004647 for ; Sat, 6 Jun 2015 07:24:23 +0900 (JST) Received: by ykfl8 with SMTP id l8so30131497ykf.1 for ; Fri, 05 Jun 2015 15:24:21 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.13.207.1 with SMTP id r1mr3435860ywd.166.1433543061849; Fri, 05 Jun 2015 15:24:21 -0700 (PDT) Received: by 10.13.227.196 with HTTP; Fri, 5 Jun 2015 15:24:21 -0700 (PDT) Date: Sat, 6 Jun 2015 07:24:21 +0900 Message-ID: Subject: [patch] separate SysV IPC namespace for jail From: kikuchan To: freebsd-jail@freebsd.org Content-Type: multipart/mixed; boundary=001a114e5992f93c6d0517ccc075 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2015 22:24:37 -0000 --001a114e5992f93c6d0517ccc075 Content-Type: text/plain; charset=UTF-8 Hello, I want to run multiple instances of PostgreSQL with jail. Changing UID is not suitable for my case, so I created a simple patch for stable/10 to separate SysV IPC namespace for each jail. In contrast to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471 , this patch comes with; - All objects are visible by ipcs(1) whether in jails or not. - Trying to access the objects beyond the jail will be rejected with EACCES. - Treat (key_t, prison) pair as the key for a named object. - Very simple implementation; I just added to check msqkptr->cred->cr_prison == td->td_ucred->cr_prison, for example. Is this approach suitable for FreeBSD kernel? If you find it is useful, or bugs, please let me know. P.S. There is no way to know from userland which jails own the objects, so far. Regards, kikuchan --001a114e5992f93c6d0517ccc075 Content-Type: text/x-patch; charset=US-ASCII; name="jailed-sysvipc-for-stable10.patch" Content-Disposition: attachment; filename="jailed-sysvipc-for-stable10.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_iak6apcf0 ZGlmZiAtLWdpdCBhL3N5cy9rZXJuL2tlcm5famFpbC5jIGIvc3lzL2tlcm4va2Vybl9qYWlsLmMK aW5kZXggZTljNzFjYS4uY2Y2MzE5NiAxMDA2NDQKLS0tIGEvc3lzL2tlcm4va2Vybl9qYWlsLmMK KysrIGIvc3lzL2tlcm4va2Vybl9qYWlsLmMKQEAgLTYwLDYgKzYwLDcgQEAgX19GQlNESUQoIiRG cmVlQlNEJCIpOwogI2luY2x1ZGUgPHN5cy9zeXNjYWxsc3Vici5oPgogI2luY2x1ZGUgPHN5cy9z eXNjdGwuaD4KICNpbmNsdWRlIDxzeXMvdm5vZGUuaD4KKyNpbmNsdWRlIDxzeXMvaXBjLmg+CiAK ICNpbmNsdWRlIDxuZXQvaWYuaD4KICNpbmNsdWRlIDxuZXQvdm5ldC5oPgpAQCAtMjMzMCw2ICsy MzMxLDkgQEAgcHJpc29uX3JlbW92ZV9vbmUoc3RydWN0IHByaXNvbiAqcHIpCiAJCXByLT5wcl9m bGFncyAmPSB+UFJfUEVSU0lTVDsKIAl9CiAKKwkvKiBTeXNWIElQQyBjbGVhbnVwIGZvciB0aGUg cHJpc29uICovCisJaXBjX2NsZWFudXBfZm9yX3ByaXNvbihwcik7CisKIAkvKgogCSAqIGphaWxf cmVtb3ZlIGFkZGVkIGEgcmVmZXJlbmNlLiAgSWYgdGhhdCdzIHRoZSBvbmx5IG9uZSwgcmVtb3Zl CiAJICogdGhlIHByaXNvbiBub3cuCmRpZmYgLS1naXQgYS9zeXMva2Vybi9zeXN2X2lwYy5jIGIv c3lzL2tlcm4vc3lzdl9pcGMuYwppbmRleCBlNDAyY2I1Li5lZjMzOWM2IDEwMDY0NAotLS0gYS9z eXMva2Vybi9zeXN2X2lwYy5jCisrKyBiL3N5cy9rZXJuL3N5c3ZfaXBjLmMKQEAgLTQ3LDkgKzQ3 LDEzIEBAIF9fRkJTRElEKCIkRnJlZUJTRCQiKTsKICNpbmNsdWRlIDxzeXMvcHJpdi5oPgogI2lu Y2x1ZGUgPHN5cy9wcm9jLmg+CiAjaW5jbHVkZSA8c3lzL3VjcmVkLmg+CisjaW5jbHVkZSA8c3lz L2phaWwuaD4KIAogdm9pZCAoKnNobWZvcmtfaG9vaykoc3RydWN0IHByb2MgKiwgc3RydWN0IHBy b2MgKikgPSBOVUxMOwogdm9pZCAoKnNobWV4aXRfaG9vaykoc3RydWN0IHZtc3BhY2UgKikgPSBO VUxMOwordm9pZCAoKnN5c3ZzaG1fY2xlYW51cF9mb3JfcHJpc29uX2hvb2spKHN0cnVjdCBwcmlz b24gKikgPSBOVUxMOwordm9pZCAoKnN5c3Ztc3FfY2xlYW51cF9mb3JfcHJpc29uX2hvb2spKHN0 cnVjdCBwcmlzb24gKikgPSBOVUxMOwordm9pZCAoKnN5c3ZzZW1fY2xlYW51cF9mb3JfcHJpc29u X2hvb2spKHN0cnVjdCBwcmlzb24gKikgPSBOVUxMOwogCiAvKiBjYWxsZWQgZnJvbSBrZXJuX2Zv cmsuYyAqLwogdm9pZApAQCAtNzIsNiArNzYsMTkgQEAgc2htZXhpdChzdHJ1Y3Qgdm1zcGFjZSAq dm0pCiAJcmV0dXJuOwogfQogCisvKiBjYWxsZWQgZnJvbSBrZXJuX2phaWwuYyAqLwordm9pZAor aXBjX2NsZWFudXBfZm9yX3ByaXNvbihzdHJ1Y3QgcHJpc29uICpwcikKK3sKKworCWlmIChzeXN2 c2htX2NsZWFudXBfZm9yX3ByaXNvbl9ob29rICE9IE5VTEwpCisJCXN5c3ZzaG1fY2xlYW51cF9m b3JfcHJpc29uX2hvb2socHIpOworCWlmIChzeXN2bXNxX2NsZWFudXBfZm9yX3ByaXNvbl9ob29r ICE9IE5VTEwpCisJCXN5c3Ztc3FfY2xlYW51cF9mb3JfcHJpc29uX2hvb2socHIpOworCWlmIChz eXN2c2VtX2NsZWFudXBfZm9yX3ByaXNvbl9ob29rICE9IE5VTEwpCisJCXN5c3ZzZW1fY2xlYW51 cF9mb3JfcHJpc29uX2hvb2socHIpOworfQorCiAvKgogICogQ2hlY2sgZm9yIElQQyBwZXJtaXNz aW9uLgogICoKZGlmZiAtLWdpdCBhL3N5cy9rZXJuL3N5c3ZfbXNnLmMgYi9zeXMva2Vybi9zeXN2 X21zZy5jCmluZGV4IGQ1OGNiN2UuLjM2ZmU0NzUgMTAwNjQ0Ci0tLSBhL3N5cy9rZXJuL3N5c3Zf bXNnLmMKKysrIGIvc3lzL2tlcm4vc3lzdl9tc2cuYwpAQCAtODAsNiArODAsOSBAQCBzdGF0aWMg TUFMTE9DX0RFRklORShNX01TRywgIm1zZyIsICJTVklEIGNvbXBhdGlibGUgbWVzc2FnZSBxdWV1 ZXMiKTsKIHN0YXRpYyBpbnQgbXNnaW5pdCh2b2lkKTsKIHN0YXRpYyBpbnQgbXNndW5sb2FkKHZv aWQpOwogc3RhdGljIGludCBzeXN2bXNnX21vZGxvYWQoc3RydWN0IG1vZHVsZSAqLCBpbnQsIHZv aWQgKik7CitzdGF0aWMgdm9pZCBtc3FfcmVtb3ZlKHN0cnVjdCBtc3FpZF9rZXJuZWwgKik7Citz dGF0aWMgaW50IG1zcV9jaGVja19wcmlzb24oc3RydWN0IHVjcmVkICosIHN0cnVjdCBtc3FpZF9r ZXJuZWwgKik7CitzdGF0aWMgdm9pZCBzeXN2bXNxX2NsZWFudXBfZm9yX3ByaXNvbl9teWhvb2so c3RydWN0IHByaXNvbiAqKTsKIAogCiAjaWZkZWYgTVNHX0RFQlVHCkBAIC0yNTcsNiArMjYwLDcg QEAgbXNnaW5pdCgpCiAjZW5kaWYKIAl9CiAJbXR4X2luaXQoJm1zcV9tdHgsICJtc3EiLCBOVUxM LCBNVFhfREVGKTsKKwlzeXN2bXNxX2NsZWFudXBfZm9yX3ByaXNvbl9ob29rID0gJnN5c3Ztc3Ff Y2xlYW51cF9mb3JfcHJpc29uX215aG9vazsKIAogCWVycm9yID0gc3lzY2FsbF9oZWxwZXJfcmVn aXN0ZXIobXNnX3N5c2NhbGxzKTsKIAlpZiAoZXJyb3IgIT0gMCkKQEAgLTI4Miw2ICsyODYsNyBA QCBtc2d1bmxvYWQoKQogI2lmZGVmIENPTVBBVF9GUkVFQlNEMzIKIAlzeXNjYWxsMzJfaGVscGVy X3VucmVnaXN0ZXIobXNnMzJfc3lzY2FsbHMpOwogI2VuZGlmCisJc3lzdm1zcV9jbGVhbnVwX2Zv cl9wcmlzb25faG9vayA9IE5VTEw7CiAKIAlmb3IgKG1zcWlkID0gMDsgbXNxaWQgPCBtc2dpbmZv Lm1zZ21uaTsgbXNxaWQrKykgewogCQkvKgpAQCAtMzcyLDYgKzM3Nyw2OSBAQCBtc2dfZnJlZWhk cihtc2doZHIpCiAjZW5kaWYKIH0KIAorc3RhdGljIHZvaWQKK21zcV9yZW1vdmUoc3RydWN0IG1z cWlkX2tlcm5lbCAqbXNxa3B0cikKK3sKKwlzdHJ1Y3QgbXNnICptc2doZHI7CisKKwlyYWNjdF9z dWJfY3JlZChtc3FrcHRyLT5jcmVkLCBSQUNDVF9OTVNHUSwgMSk7CisJcmFjY3Rfc3ViX2NyZWQo bXNxa3B0ci0+Y3JlZCwgUkFDQ1RfTVNHUVFVRVVFRCwgbXNxa3B0ci0+dS5tc2dfcW51bSk7CisJ cmFjY3Rfc3ViX2NyZWQobXNxa3B0ci0+Y3JlZCwgUkFDQ1RfTVNHUVNJWkUsIG1zcWtwdHItPnUu bXNnX2NieXRlcyk7CisJY3JmcmVlKG1zcWtwdHItPmNyZWQpOworCW1zcWtwdHItPmNyZWQgPSBO VUxMOworCisJLyogRnJlZSB0aGUgbWVzc2FnZSBoZWFkZXJzICovCisJbXNnaGRyID0gbXNxa3B0 ci0+dS5tc2dfZmlyc3Q7CisJd2hpbGUgKG1zZ2hkciAhPSBOVUxMKSB7CisJCXN0cnVjdCBtc2cg Km1zZ2hkcl90bXA7CisKKwkJLyogRnJlZSB0aGUgc2VnbWVudHMgb2YgZWFjaCBtZXNzYWdlICov CisJCW1zcWtwdHItPnUubXNnX2NieXRlcyAtPSBtc2doZHItPm1zZ190czsKKwkJbXNxa3B0ci0+ dS5tc2dfcW51bS0tOworCQltc2doZHJfdG1wID0gbXNnaGRyOworCQltc2doZHIgPSBtc2doZHIt Pm1zZ19uZXh0OworCQltc2dfZnJlZWhkcihtc2doZHJfdG1wKTsKKwl9CisKKwlpZiAobXNxa3B0 ci0+dS5tc2dfY2J5dGVzICE9IDApCisJCXBhbmljKCJtc2dfY2J5dGVzIGlzIHNjcmV3ZWQgdXAi KTsKKwlpZiAobXNxa3B0ci0+dS5tc2dfcW51bSAhPSAwKQorCQlwYW5pYygibXNnX3FudW0gaXMg c2NyZXdlZCB1cCIpOworCisJbXNxa3B0ci0+dS5tc2dfcWJ5dGVzID0gMDsJLyogTWFyayBpdCBh cyBmcmVlICovCisKKyNpZmRlZiBNQUMKKwltYWNfc3lzdm1zcV9jbGVhbnVwKG1zcWtwdHIpOwor I2VuZGlmCisKKwl3YWtldXAobXNxa3B0cik7Cit9CisKK3N0YXRpYyBpbnQKK21zcV9jaGVja19w cmlzb24oc3RydWN0IHVjcmVkICpjcmVkLCBzdHJ1Y3QgbXNxaWRfa2VybmVsICptc3FrcHRyKQor eworCisJaWYgKG1zcWtwdHItPmNyZWQgJiYgbXNxa3B0ci0+Y3JlZC0+Y3JfcHJpc29uICE9IGNy ZWQtPmNyX3ByaXNvbikKKwkJcmV0dXJuIChFQUNDRVMpOworCXJldHVybiAoMCk7Cit9CisKK3N0 YXRpYyB2b2lkCitzeXN2bXNxX2NsZWFudXBfZm9yX3ByaXNvbl9teWhvb2soc3RydWN0IHByaXNv biAqcHIpCit7CisJaW50IGk7CisJc3RydWN0IG1zcWlkX2tlcm5lbCAqbXNxa3B0cjsKKworCW10 eF9sb2NrKCZtc3FfbXR4KTsKKwlmb3IgKGkgPSAwOyBpIDwgbXNnaW5mby5tc2dtbmk7IGkrKykg eworCQltc3FrcHRyID0gJm1zcWlkc1tpXTsKKwkJaWYgKG1zcWtwdHItPnUubXNnX3FieXRlcyAh PSAwICYmCisJCSAgICBtc3FrcHRyLT5jcmVkICYmIG1zcWtwdHItPmNyZWQtPmNyX3ByaXNvbiA9 PSBwcikKKwkJCW1zcV9yZW1vdmUobXNxa3B0cik7CisJfQorCW10eF91bmxvY2soJm1zcV9tdHgp OworfQorCiAjaWZuZGVmIF9TWVNfU1lTUFJPVE9fSF8KIHN0cnVjdCBtc2djdGxfYXJncyB7CiAJ aW50CW1zcWlkOwpAQCAtNDQ3LDYgKzUxNSw4IEBAIGtlcm5fbXNnY3RsKHRkLCBtc3FpZCwgY21k LCBtc3FidWYpCiAJY2FzZSBJUENfUk1JRDoKIAl7CiAJCXN0cnVjdCBtc2cgKm1zZ2hkcjsKKwkJ aWYgKChlcnJvciA9IG1zcV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBtc3FrcHRyKSkpCisJ CQlnb3RvIGRvbmUyOwogCQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJm1zcWtwdHItPnUubXNn X3Blcm0sIElQQ19NKSkpCiAJCQlnb3RvIGRvbmUyOwogCkBAIC00NjgsNDIgKzUzOCwxNCBAQCBr ZXJuX21zZ2N0bCh0ZCwgbXNxaWQsIGNtZCwgbXNxYnVmKQogCQl9CiAjZW5kaWYKIAotCQlyYWNj dF9zdWJfY3JlZChtc3FrcHRyLT5jcmVkLCBSQUNDVF9OTVNHUSwgMSk7Ci0JCXJhY2N0X3N1Yl9j cmVkKG1zcWtwdHItPmNyZWQsIFJBQ0NUX01TR1FRVUVVRUQsIG1zcWtwdHItPnUubXNnX3FudW0p OwotCQlyYWNjdF9zdWJfY3JlZChtc3FrcHRyLT5jcmVkLCBSQUNDVF9NU0dRU0laRSwgbXNxa3B0 ci0+dS5tc2dfY2J5dGVzKTsKLQkJY3JmcmVlKG1zcWtwdHItPmNyZWQpOwotCQltc3FrcHRyLT5j cmVkID0gTlVMTDsKLQotCQkvKiBGcmVlIHRoZSBtZXNzYWdlIGhlYWRlcnMgKi8KLQkJbXNnaGRy ID0gbXNxa3B0ci0+dS5tc2dfZmlyc3Q7Ci0JCXdoaWxlIChtc2doZHIgIT0gTlVMTCkgewotCQkJ c3RydWN0IG1zZyAqbXNnaGRyX3RtcDsKLQotCQkJLyogRnJlZSB0aGUgc2VnbWVudHMgb2YgZWFj aCBtZXNzYWdlICovCi0JCQltc3FrcHRyLT51Lm1zZ19jYnl0ZXMgLT0gbXNnaGRyLT5tc2dfdHM7 Ci0JCQltc3FrcHRyLT51Lm1zZ19xbnVtLS07Ci0JCQltc2doZHJfdG1wID0gbXNnaGRyOwotCQkJ bXNnaGRyID0gbXNnaGRyLT5tc2dfbmV4dDsKLQkJCW1zZ19mcmVlaGRyKG1zZ2hkcl90bXApOwot CQl9Ci0KLQkJaWYgKG1zcWtwdHItPnUubXNnX2NieXRlcyAhPSAwKQotCQkJcGFuaWMoIm1zZ19j Ynl0ZXMgaXMgc2NyZXdlZCB1cCIpOwotCQlpZiAobXNxa3B0ci0+dS5tc2dfcW51bSAhPSAwKQot CQkJcGFuaWMoIm1zZ19xbnVtIGlzIHNjcmV3ZWQgdXAiKTsKLQotCQltc3FrcHRyLT51Lm1zZ19x Ynl0ZXMgPSAwOwkvKiBNYXJrIGl0IGFzIGZyZWUgKi8KLQotI2lmZGVmIE1BQwotCQltYWNfc3lz dm1zcV9jbGVhbnVwKG1zcWtwdHIpOwotI2VuZGlmCi0KLQkJd2FrZXVwKG1zcWtwdHIpOworCQlt c3FfcmVtb3ZlKG1zcWtwdHIpOwogCX0KIAogCQlicmVhazsKIAogCWNhc2UgSVBDX1NFVDoKKwkJ aWYgKChlcnJvciA9IG1zcV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBtc3FrcHRyKSkpCisJ CQlnb3RvIGRvbmUyOwogCQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJm1zcWtwdHItPnUubXNn X3Blcm0sIElQQ19NKSkpCiAJCQlnb3RvIGRvbmUyOwogCQlpZiAobXNxYnVmLT5tc2dfcWJ5dGVz ID4gbXNxa3B0ci0+dS5tc2dfcWJ5dGVzKSB7CkBAIC01MzAsNiArNTcyLDggQEAga2Vybl9tc2dj dGwodGQsIG1zcWlkLCBjbWQsIG1zcWJ1ZikKIAkJYnJlYWs7CiAKIAljYXNlIElQQ19TVEFUOgor CQlpZiAoKGVycm9yID0gbXNxX2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIG1zcWtwdHIpKSkK KwkJCWdvdG8gZG9uZTI7CiAJCWlmICgoZXJyb3IgPSBpcGNwZXJtKHRkLCAmbXNxa3B0ci0+dS5t c2dfcGVybSwgSVBDX1IpKSkgewogCQkJRFBSSU5URigoInJlcXVlc3RlciBkb2Vzbid0IGhhdmUg cmVhZCBhY2Nlc3NcbiIpKTsKIAkJCWdvdG8gZG9uZTI7CkBAIC01NzgsNiArNjIyLDcgQEAgc3lz X21zZ2dldCh0ZCwgdWFwKQogCQlmb3IgKG1zcWlkID0gMDsgbXNxaWQgPCBtc2dpbmZvLm1zZ21u aTsgbXNxaWQrKykgewogCQkJbXNxa3B0ciA9ICZtc3FpZHNbbXNxaWRdOwogCQkJaWYgKG1zcWtw dHItPnUubXNnX3FieXRlcyAhPSAwICYmCisJCQkgICAgbXNxa3B0ci0+Y3JlZCAmJiBtc3FrcHRy LT5jcmVkLT5jcl9wcmlzb24gPT0gY3JlZC0+Y3JfcHJpc29uICYmCiAJCQkgICAgbXNxa3B0ci0+ dS5tc2dfcGVybS5rZXkgPT0ga2V5KQogCQkJCWJyZWFrOwogCQl9CkBAIC03MTgsNiArNzYzLDgg QEAga2Vybl9tc2dzbmQodGQsIG1zcWlkLCBtc2dwLCBtc2dzeiwgbXNnZmxnLCBtdHlwZSkKIAkJ Z290byBkb25lMjsKIAl9CiAKKwlpZiAoKGVycm9yID0gbXNxX2NoZWNrX3ByaXNvbih0ZC0+dGRf dWNyZWQsIG1zcWtwdHIpKSkKKwkJZ290byBkb25lMjsKIAlpZiAoKGVycm9yID0gaXBjcGVybSh0 ZCwgJm1zcWtwdHItPnUubXNnX3Blcm0sIElQQ19XKSkpIHsKIAkJRFBSSU5URigoInJlcXVlc3Rl ciBkb2Vzbid0IGhhdmUgd3JpdGUgYWNjZXNzXG4iKSk7CiAJCWdvdG8gZG9uZTI7CkBAIC0xMDgx LDYgKzExMjgsOCBAQCBrZXJuX21zZ3Jjdih0ZCwgbXNxaWQsIG1zZ3AsIG1zZ3N6LCBtc2d0eXAs IG1zZ2ZsZywgbXR5cGUpCiAJCWdvdG8gZG9uZTI7CiAJfQogCisJaWYgKChlcnJvciA9IG1zcV9j aGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBtc3FrcHRyKSkpCisJCWdvdG8gZG9uZTI7CiAJaWYg KChlcnJvciA9IGlwY3Blcm0odGQsICZtc3FrcHRyLT51Lm1zZ19wZXJtLCBJUENfUikpKSB7CiAJ CURQUklOVEYoKCJyZXF1ZXN0ZXIgZG9lc24ndCBoYXZlIHJlYWQgYWNjZXNzXG4iKSk7CiAJCWdv dG8gZG9uZTI7CmRpZmYgLS1naXQgYS9zeXMva2Vybi9zeXN2X3NlbS5jIGIvc3lzL2tlcm4vc3lz dl9zZW0uYwppbmRleCBmOWZmMjE3Li5lZGQyY2Q3IDEwMDY0NAotLS0gYS9zeXMva2Vybi9zeXN2 X3NlbS5jCisrKyBiL3N5cy9rZXJuL3N5c3Zfc2VtLmMKQEAgLTc5LDYgKzc5LDkgQEAgc3RhdGlj IGludCBzZW11bmxvYWQodm9pZCk7CiBzdGF0aWMgdm9pZCBzZW1leGl0X215aG9vayh2b2lkICph cmcsIHN0cnVjdCBwcm9jICpwKTsKIHN0YXRpYyBpbnQgc3lzY3RsX3NlbWEoU1lTQ1RMX0hBTkRM RVJfQVJHUyk7CiBzdGF0aWMgaW50IHNlbXZhbGlkKGludCBzZW1pZCwgc3RydWN0IHNlbWlkX2tl cm5lbCAqc2VtYWtwdHIpOworc3RhdGljIHZvaWQgc2VtX3JlbW92ZShpbnQgc2VtaWR4LCBzdHJ1 Y3QgdWNyZWQgKmNyZWQpOworc3RhdGljIGludCBzZW1fY2hlY2tfcHJpc29uKHN0cnVjdCB1Y3Jl ZCAqY3JlZCwgc3RydWN0IHNlbWlkX2tlcm5lbCAqc2VtYWtwdHIpOworc3RhdGljIHZvaWQgc3lz dnNlbV9jbGVhbnVwX2Zvcl9wcmlzb25fbXlob29rKHN0cnVjdCBwcmlzb24gKnByKTsKIAogI2lm bmRlZiBfU1lTX1NZU1BST1RPX0hfCiBzdHJ1Y3QgX19zZW1jdGxfYXJnczsKQEAgLTI4Nyw2ICsy OTAsNyBAQCBzZW1pbml0KHZvaWQpCiAJbXR4X2luaXQoJnNlbV91bmRvX210eCwgInNlbXUiLCBO VUxMLCBNVFhfREVGKTsKIAlzZW1leGl0X3RhZyA9IEVWRU5USEFORExFUl9SRUdJU1RFUihwcm9j ZXNzX2V4aXQsIHNlbWV4aXRfbXlob29rLCBOVUxMLAogCSAgICBFVkVOVEhBTkRMRVJfUFJJX0FO WSk7CisJc3lzdnNlbV9jbGVhbnVwX2Zvcl9wcmlzb25faG9vayA9ICZzeXN2c2VtX2NsZWFudXBf Zm9yX3ByaXNvbl9teWhvb2s7CiAKIAllcnJvciA9IHN5c2NhbGxfaGVscGVyX3JlZ2lzdGVyKHNl bV9zeXNjYWxscyk7CiAJaWYgKGVycm9yICE9IDApCkBAIC0zMTMsNiArMzE3LDcgQEAgc2VtdW5s b2FkKHZvaWQpCiAjZW5kaWYKIAlzeXNjYWxsX2hlbHBlcl91bnJlZ2lzdGVyKHNlbV9zeXNjYWxs cyk7CiAJRVZFTlRIQU5ETEVSX0RFUkVHSVNURVIocHJvY2Vzc19leGl0LCBzZW1leGl0X3RhZyk7 CisJc3lzdnNlbV9jbGVhbnVwX2Zvcl9wcmlzb25faG9vayA9IE5VTEw7CiAjaWZkZWYgTUFDCiAJ Zm9yIChpID0gMDsgaSA8IHNlbWluZm8uc2VtbW5pOyBpKyspCiAJCW1hY19zeXN2c2VtX2Rlc3Ry b3koJnNlbWFbaV0pOwpAQCAtNTA2LDYgKzUxMSw3MCBAQCBzZW12YWxpZChpbnQgc2VtaWQsIHN0 cnVjdCBzZW1pZF9rZXJuZWwgKnNlbWFrcHRyKQogCSAgICBzZW1ha3B0ci0+dS5zZW1fcGVybS5z ZXEgIT0gSVBDSURfVE9fU0VRKHNlbWlkKSA/IEVJTlZBTCA6IDApOwogfQogCitzdGF0aWMgdm9p ZAorc2VtX3JlbW92ZShpbnQgc2VtaWR4LCBzdHJ1Y3QgdWNyZWQgKmNyZWQpCit7CisJaW50IGk7 CisJc3RydWN0IHNlbWlkX2tlcm5lbCAqc2VtYWtwdHI7CisKKwlLQVNTRVJUKHNlbWlkeCA+PSAw ICYmIHNlbWlkeCA8IHNlbWluZm8uc2VtbW5pLCAoInNlbWlkeCBvdXQgb2YgYm91bmRzIikpOwor CXNlbWFrcHRyID0gJnNlbWFbc2VtaWR4XTsKKwlzZW1ha3B0ci0+dS5zZW1fcGVybS5jdWlkID0g Y3JlZCA/IGNyZWQtPmNyX3VpZCA6IDA7CisJc2VtYWtwdHItPnUuc2VtX3Blcm0udWlkID0gY3Jl ZCA/IGNyZWQtPmNyX3VpZCA6IDA7CisJc2VtYWtwdHItPnUuc2VtX3Blcm0ubW9kZSA9IDA7CisJ cmFjY3Rfc3ViX2NyZWQoc2VtYWtwdHItPmNyZWQsIFJBQ0NUX05TRU0sIHNlbWFrcHRyLT51LnNl bV9uc2Vtcyk7CisJY3JmcmVlKHNlbWFrcHRyLT5jcmVkKTsKKwlzZW1ha3B0ci0+Y3JlZCA9IE5V TEw7CisJU0VNVU5ET19MT0NLKCk7CisJc2VtdW5kb19jbGVhcihzZW1pZHgsIC0xKTsKKwlTRU1V TkRPX1VOTE9DSygpOworI2lmZGVmIE1BQworCW1hY19zeXN2c2VtX2NsZWFudXAoc2VtYWtwdHIp OworI2VuZGlmCisJd2FrZXVwKHNlbWFrcHRyKTsKKwlmb3IgKGkgPSAwOyBpIDwgc2VtaW5mby5z ZW1tbmk7IGkrKykgeworCQlpZiAoKHNlbWFbaV0udS5zZW1fcGVybS5tb2RlICYgU0VNX0FMTE9D KSAmJgorCQkgICAgc2VtYVtpXS51LnNlbV9iYXNlID4gc2VtYWtwdHItPnUuc2VtX2Jhc2UpCisJ CQltdHhfbG9ja19mbGFncygmc2VtYV9tdHhbaV0sIExPUF9EVVBPSyk7CisJfQorCWZvciAoaSA9 IHNlbWFrcHRyLT51LnNlbV9iYXNlIC0gc2VtOyBpIDwgc2VtdG90OyBpKyspCisJCXNlbVtpXSA9 IHNlbVtpICsgc2VtYWtwdHItPnUuc2VtX25zZW1zXTsKKwlmb3IgKGkgPSAwOyBpIDwgc2VtaW5m by5zZW1tbmk7IGkrKykgeworCQlpZiAoKHNlbWFbaV0udS5zZW1fcGVybS5tb2RlICYgU0VNX0FM TE9DKSAmJgorCQkgICAgc2VtYVtpXS51LnNlbV9iYXNlID4gc2VtYWtwdHItPnUuc2VtX2Jhc2Up IHsKKwkJCXNlbWFbaV0udS5zZW1fYmFzZSAtPSBzZW1ha3B0ci0+dS5zZW1fbnNlbXM7CisJCQlt dHhfdW5sb2NrKCZzZW1hX210eFtpXSk7CisJCX0KKwl9CisJc2VtdG90IC09IHNlbWFrcHRyLT51 LnNlbV9uc2VtczsKK30KKworc3RhdGljIGludAorc2VtX2NoZWNrX3ByaXNvbihzdHJ1Y3QgdWNy ZWQgKmNyZWQsIHN0cnVjdCBzZW1pZF9rZXJuZWwgKnNlbWFrcHRyKQoreworCisJaWYgKHNlbWFr cHRyLT5jcmVkICYmIHNlbWFrcHRyLT5jcmVkLT5jcl9wcmlzb24gIT0gY3JlZC0+Y3JfcHJpc29u KQorCQlyZXR1cm4gKEVBQ0NFUyk7CisJcmV0dXJuICgwKTsKK30KKworc3RhdGljIHZvaWQKK3N5 c3ZzZW1fY2xlYW51cF9mb3JfcHJpc29uX215aG9vayhzdHJ1Y3QgcHJpc29uICpwcikKK3sKKwlp bnQgaTsKKworCW10eF9sb2NrKCZzZW1fbXR4KTsKKwlmb3IgKGkgPSAwOyBpIDwgc2VtaW5mby5z ZW1tbmk7IGkrKykgeworCQlpZiAoKHNlbWFbaV0udS5zZW1fcGVybS5tb2RlICYgU0VNX0FMTE9D KSAmJgorCQkgICAgc2VtYVtpXS5jcmVkICYmIHNlbWFbaV0uY3JlZC0+Y3JfcHJpc29uID09IHBy KSB7CisJCQltdHhfbG9jaygmc2VtYV9tdHhbaV0pOworCQkJc2VtX3JlbW92ZShpLCBOVUxMKTsK KwkJCW10eF91bmxvY2soJnNlbWFfbXR4W2ldKTsKKwkJfQorCX0KKwltdHhfdW5sb2NrKCZzZW1f bXR4KTsKK30KKwogLyoKICAqIE5vdGUgdGhhdCB0aGUgdXNlci1tb2RlIGhhbGYgb2YgdGhpcyBw YXNzZXMgYSB1bmlvbiwgbm90IGEgcG9pbnRlci4KICAqLwpAQCAtNjEwLDYgKzY3OSw4IEBAIGtl cm5fc2VtY3RsKHN0cnVjdCB0aHJlYWQgKnRkLCBpbnQgc2VtaWQsIGludCBzZW1udW0sIGludCBj bWQsCiAJCQllcnJvciA9IEVJTlZBTDsKIAkJCWdvdG8gZG9uZTI7CiAJCX0KKwkJaWYgKChlcnJv ciA9IHNlbV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBzZW1ha3B0cikpICE9IDApCisJCQln b3RvIGRvbmUyOwogCQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJnNlbWFrcHRyLT51LnNlbV9w ZXJtLCBJUENfUikpKQogCQkJZ290byBkb25lMjsKICNpZmRlZiBNQUMKQEAgLTY0NSw0MSArNzE2 LDE4IEBAIGtlcm5fc2VtY3RsKHN0cnVjdCB0aHJlYWQgKnRkLCBpbnQgc2VtaWQsIGludCBzZW1u dW0sIGludCBjbWQsCiAJY2FzZSBJUENfUk1JRDoKIAkJaWYgKChlcnJvciA9IHNlbXZhbGlkKHNl bWlkLCBzZW1ha3B0cikpICE9IDApCiAJCQlnb3RvIGRvbmUyOworCQlpZiAoKGVycm9yID0gc2Vt X2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNlbWFrcHRyKSkgIT0gMCkKKwkJCWdvdG8gZG9u ZTI7CiAJCWlmICgoZXJyb3IgPSBpcGNwZXJtKHRkLCAmc2VtYWtwdHItPnUuc2VtX3Blcm0sIElQ Q19NKSkpCiAJCQlnb3RvIGRvbmUyOwotCQlzZW1ha3B0ci0+dS5zZW1fcGVybS5jdWlkID0gY3Jl ZC0+Y3JfdWlkOwotCQlzZW1ha3B0ci0+dS5zZW1fcGVybS51aWQgPSBjcmVkLT5jcl91aWQ7Ci0J CXNlbWFrcHRyLT51LnNlbV9wZXJtLm1vZGUgPSAwOwotCQlyYWNjdF9zdWJfY3JlZChzZW1ha3B0 ci0+Y3JlZCwgUkFDQ1RfTlNFTSwgc2VtYWtwdHItPnUuc2VtX25zZW1zKTsKLQkJY3JmcmVlKHNl bWFrcHRyLT5jcmVkKTsKLQkJc2VtYWtwdHItPmNyZWQgPSBOVUxMOwotCQlTRU1VTkRPX0xPQ0so KTsKLQkJc2VtdW5kb19jbGVhcihzZW1pZHgsIC0xKTsKLQkJU0VNVU5ET19VTkxPQ0soKTsKLSNp ZmRlZiBNQUMKLQkJbWFjX3N5c3ZzZW1fY2xlYW51cChzZW1ha3B0cik7Ci0jZW5kaWYKLQkJd2Fr ZXVwKHNlbWFrcHRyKTsKLQkJZm9yIChpID0gMDsgaSA8IHNlbWluZm8uc2VtbW5pOyBpKyspIHsK LQkJCWlmICgoc2VtYVtpXS51LnNlbV9wZXJtLm1vZGUgJiBTRU1fQUxMT0MpICYmCi0JCQkgICAg c2VtYVtpXS51LnNlbV9iYXNlID4gc2VtYWtwdHItPnUuc2VtX2Jhc2UpCi0JCQkJbXR4X2xvY2tf ZmxhZ3MoJnNlbWFfbXR4W2ldLCBMT1BfRFVQT0spOwotCQl9Ci0JCWZvciAoaSA9IHNlbWFrcHRy LT51LnNlbV9iYXNlIC0gc2VtOyBpIDwgc2VtdG90OyBpKyspCi0JCQlzZW1baV0gPSBzZW1baSAr IHNlbWFrcHRyLT51LnNlbV9uc2Vtc107Ci0JCWZvciAoaSA9IDA7IGkgPCBzZW1pbmZvLnNlbW1u aTsgaSsrKSB7Ci0JCQlpZiAoKHNlbWFbaV0udS5zZW1fcGVybS5tb2RlICYgU0VNX0FMTE9DKSAm JgotCQkJICAgIHNlbWFbaV0udS5zZW1fYmFzZSA+IHNlbWFrcHRyLT51LnNlbV9iYXNlKSB7Ci0J CQkJc2VtYVtpXS51LnNlbV9iYXNlIC09IHNlbWFrcHRyLT51LnNlbV9uc2VtczsKLQkJCQltdHhf dW5sb2NrKCZzZW1hX210eFtpXSk7Ci0JCQl9Ci0JCX0KLQkJc2VtdG90IC09IHNlbWFrcHRyLT51 LnNlbV9uc2VtczsKKwkJc2VtX3JlbW92ZShzZW1pZHgsIGNyZWQpOwogCQlicmVhazsKIAogCWNh c2UgSVBDX1NFVDoKIAkJaWYgKChlcnJvciA9IHNlbXZhbGlkKHNlbWlkLCBzZW1ha3B0cikpICE9 IDApCiAJCQlnb3RvIGRvbmUyOworCQlpZiAoKGVycm9yID0gc2VtX2NoZWNrX3ByaXNvbih0ZC0+ dGRfdWNyZWQsIHNlbWFrcHRyKSkgIT0gMCkKKwkJCWdvdG8gZG9uZTI7CiAJCWlmICgoZXJyb3Ig PSBpcGNwZXJtKHRkLCAmc2VtYWtwdHItPnUuc2VtX3Blcm0sIElQQ19NKSkpCiAJCQlnb3RvIGRv bmUyOwogCQlzYnVmID0gYXJnLT5idWY7CkBAIC02OTMsNiArNzQxLDggQEAga2Vybl9zZW1jdGwo c3RydWN0IHRocmVhZCAqdGQsIGludCBzZW1pZCwgaW50IHNlbW51bSwgaW50IGNtZCwKIAljYXNl IElQQ19TVEFUOgogCQlpZiAoKGVycm9yID0gc2VtdmFsaWQoc2VtaWQsIHNlbWFrcHRyKSkgIT0g MCkKIAkJCWdvdG8gZG9uZTI7CisJCWlmICgoZXJyb3IgPSBzZW1fY2hlY2tfcHJpc29uKHRkLT50 ZF91Y3JlZCwgc2VtYWtwdHIpKSAhPSAwKQorCQkJZ290byBkb25lMjsKIAkJaWYgKChlcnJvciA9 IGlwY3Blcm0odGQsICZzZW1ha3B0ci0+dS5zZW1fcGVybSwgSVBDX1IpKSkKIAkJCWdvdG8gZG9u ZTI7CiAJCWJjb3B5KCZzZW1ha3B0ci0+dSwgYXJnLT5idWYsIHNpemVvZihzdHJ1Y3Qgc2VtaWRf ZHMpKTsKQEAgLTcwMSw2ICs3NTEsOCBAQCBrZXJuX3NlbWN0bChzdHJ1Y3QgdGhyZWFkICp0ZCwg aW50IHNlbWlkLCBpbnQgc2VtbnVtLCBpbnQgY21kLAogCWNhc2UgR0VUTkNOVDoKIAkJaWYgKChl cnJvciA9IHNlbXZhbGlkKHNlbWlkLCBzZW1ha3B0cikpICE9IDApCiAJCQlnb3RvIGRvbmUyOwor CQlpZiAoKGVycm9yID0gc2VtX2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNlbWFrcHRyKSkg IT0gMCkKKwkJCWdvdG8gZG9uZTI7CiAJCWlmICgoZXJyb3IgPSBpcGNwZXJtKHRkLCAmc2VtYWtw dHItPnUuc2VtX3Blcm0sIElQQ19SKSkpCiAJCQlnb3RvIGRvbmUyOwogCQlpZiAoc2VtbnVtIDwg MCB8fCBzZW1udW0gPj0gc2VtYWtwdHItPnUuc2VtX25zZW1zKSB7CkBAIC03MTMsNiArNzY1LDgg QEAga2Vybl9zZW1jdGwoc3RydWN0IHRocmVhZCAqdGQsIGludCBzZW1pZCwgaW50IHNlbW51bSwg aW50IGNtZCwKIAljYXNlIEdFVFBJRDoKIAkJaWYgKChlcnJvciA9IHNlbXZhbGlkKHNlbWlkLCBz ZW1ha3B0cikpICE9IDApCiAJCQlnb3RvIGRvbmUyOworCQlpZiAoKGVycm9yID0gc2VtX2NoZWNr X3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNlbWFrcHRyKSkgIT0gMCkKKwkJCWdvdG8gZG9uZTI7CiAJ CWlmICgoZXJyb3IgPSBpcGNwZXJtKHRkLCAmc2VtYWtwdHItPnUuc2VtX3Blcm0sIElQQ19SKSkp CiAJCQlnb3RvIGRvbmUyOwogCQlpZiAoc2VtbnVtIDwgMCB8fCBzZW1udW0gPj0gc2VtYWtwdHIt PnUuc2VtX25zZW1zKSB7CkBAIC03MjUsNiArNzc5LDggQEAga2Vybl9zZW1jdGwoc3RydWN0IHRo cmVhZCAqdGQsIGludCBzZW1pZCwgaW50IHNlbW51bSwgaW50IGNtZCwKIAljYXNlIEdFVFZBTDoK IAkJaWYgKChlcnJvciA9IHNlbXZhbGlkKHNlbWlkLCBzZW1ha3B0cikpICE9IDApCiAJCQlnb3Rv IGRvbmUyOworCQlpZiAoKGVycm9yID0gc2VtX2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNl bWFrcHRyKSkgIT0gMCkKKwkJCWdvdG8gZG9uZTI7CiAJCWlmICgoZXJyb3IgPSBpcGNwZXJtKHRk LCAmc2VtYWtwdHItPnUuc2VtX3Blcm0sIElQQ19SKSkpCiAJCQlnb3RvIGRvbmUyOwogCQlpZiAo c2VtbnVtIDwgMCB8fCBzZW1udW0gPj0gc2VtYWtwdHItPnUuc2VtX25zZW1zKSB7CkBAIC03NjIs NiArODE4LDggQEAga2Vybl9zZW1jdGwoc3RydWN0IHRocmVhZCAqdGQsIGludCBzZW1pZCwgaW50 IHNlbW51bSwgaW50IGNtZCwKIAkJaWYgKChlcnJvciA9IHNlbXZhbGlkKHNlbWlkLCBzZW1ha3B0 cikpICE9IDApCiAJCQlnb3RvIGRvbmUyOwogCQlLQVNTRVJUKGNvdW50ID09IHNlbWFrcHRyLT51 LnNlbV9uc2VtcywgKCJuc2VtcyBjaGFuZ2VkIikpOworCQlpZiAoKGVycm9yID0gc2VtX2NoZWNr X3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNlbWFrcHRyKSkgIT0gMCkKKwkJCWdvdG8gZG9uZTI7CiAJ CWlmICgoZXJyb3IgPSBpcGNwZXJtKHRkLCAmc2VtYWtwdHItPnUuc2VtX3Blcm0sIElQQ19SKSkp CiAJCQlnb3RvIGRvbmUyOwogCQlmb3IgKGkgPSAwOyBpIDwgc2VtYWtwdHItPnUuc2VtX25zZW1z OyBpKyspCkBAIC03NzQsNiArODMyLDggQEAga2Vybl9zZW1jdGwoc3RydWN0IHRocmVhZCAqdGQs IGludCBzZW1pZCwgaW50IHNlbW51bSwgaW50IGNtZCwKIAljYXNlIEdFVFpDTlQ6CiAJCWlmICgo ZXJyb3IgPSBzZW12YWxpZChzZW1pZCwgc2VtYWtwdHIpKSAhPSAwKQogCQkJZ290byBkb25lMjsK KwkJaWYgKChlcnJvciA9IHNlbV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBzZW1ha3B0cikp ICE9IDApCisJCQlnb3RvIGRvbmUyOwogCQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJnNlbWFr cHRyLT51LnNlbV9wZXJtLCBJUENfUikpKQogCQkJZ290byBkb25lMjsKIAkJaWYgKHNlbW51bSA8 IDAgfHwgc2VtbnVtID49IHNlbWFrcHRyLT51LnNlbV9uc2VtcykgewpAQCAtNzg2LDYgKzg0Niw4 IEBAIGtlcm5fc2VtY3RsKHN0cnVjdCB0aHJlYWQgKnRkLCBpbnQgc2VtaWQsIGludCBzZW1udW0s IGludCBjbWQsCiAJY2FzZSBTRVRWQUw6CiAJCWlmICgoZXJyb3IgPSBzZW12YWxpZChzZW1pZCwg c2VtYWtwdHIpKSAhPSAwKQogCQkJZ290byBkb25lMjsKKwkJaWYgKChlcnJvciA9IHNlbV9jaGVj a19wcmlzb24odGQtPnRkX3VjcmVkLCBzZW1ha3B0cikpICE9IDApCisJCQlnb3RvIGRvbmUyOwog CQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJnNlbWFrcHRyLT51LnNlbV9wZXJtLCBJUENfVykp KQogCQkJZ290byBkb25lMjsKIAkJaWYgKHNlbW51bSA8IDAgfHwgc2VtbnVtID49IHNlbWFrcHRy LT51LnNlbV9uc2VtcykgewpAQCAtODE4LDYgKzg4MCw4IEBAIGtlcm5fc2VtY3RsKHN0cnVjdCB0 aHJlYWQgKnRkLCBpbnQgc2VtaWQsIGludCBzZW1udW0sIGludCBjbWQsCiAJCWlmICgoZXJyb3Ig PSBzZW12YWxpZChzZW1pZCwgc2VtYWtwdHIpKSAhPSAwKQogCQkJZ290byBkb25lMjsKIAkJS0FT U0VSVChjb3VudCA9PSBzZW1ha3B0ci0+dS5zZW1fbnNlbXMsICgibnNlbXMgY2hhbmdlZCIpKTsK KwkJaWYgKChlcnJvciA9IHNlbV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBzZW1ha3B0cikp ICE9IDApCisJCQlnb3RvIGRvbmUyOwogCQlpZiAoKGVycm9yID0gaXBjcGVybSh0ZCwgJnNlbWFr cHRyLT51LnNlbV9wZXJtLCBJUENfVykpKQogCQkJZ290byBkb25lMjsKIAkJZm9yIChpID0gMDsg aSA8IHNlbWFrcHRyLT51LnNlbV9uc2VtczsgaSsrKSB7CkBAIC04NzIsNiArOTM2LDcgQEAgc3lz X3NlbWdldChzdHJ1Y3QgdGhyZWFkICp0ZCwgc3RydWN0IHNlbWdldF9hcmdzICp1YXApCiAJaWYg KGtleSAhPSBJUENfUFJJVkFURSkgewogCQlmb3IgKHNlbWlkID0gMDsgc2VtaWQgPCBzZW1pbmZv LnNlbW1uaTsgc2VtaWQrKykgewogCQkJaWYgKChzZW1hW3NlbWlkXS51LnNlbV9wZXJtLm1vZGUg JiBTRU1fQUxMT0MpICYmCisJCQkgICAgc2VtYVtzZW1pZF0uY3JlZCAmJiBzZW1hW3NlbWlkXS5j cmVkLT5jcl9wcmlzb24gPT0gY3JlZC0+Y3JfcHJpc29uICYmCiAJCQkgICAgc2VtYVtzZW1pZF0u dS5zZW1fcGVybS5rZXkgPT0ga2V5KQogCQkJCWJyZWFrOwogCQl9CkBAIC0xMDQ5LDYgKzExMTQs OCBAQCBzeXNfc2Vtb3Aoc3RydWN0IHRocmVhZCAqdGQsIHN0cnVjdCBzZW1vcF9hcmdzICp1YXAp CiAJCWVycm9yID0gRUlOVkFMOwogCQlnb3RvIGRvbmUyOwogCX0KKwlpZiAoKGVycm9yID0gc2Vt X2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNlbWFrcHRyKSkgIT0gMCkKKwkJZ290byBkb25l MjsKIAkvKgogCSAqIEluaXRpYWwgcGFzcyB0aHJ1IHNvcHMgdG8gc2VlIHdoYXQgcGVybWlzc2lv bnMgYXJlIG5lZWRlZC4KIAkgKiBBbHNvIHBlcmZvcm0gYW55IGNoZWNrcyB0aGF0IGRvbid0IG5l ZWQgcmVwZWF0aW5nIG9uIGVhY2gKZGlmZiAtLWdpdCBhL3N5cy9rZXJuL3N5c3Zfc2htLmMgYi9z eXMva2Vybi9zeXN2X3NobS5jCmluZGV4IDY2YTJhNDMuLmEzYjQ3ZTggMTAwNjQ0Ci0tLSBhL3N5 cy9rZXJuL3N5c3Zfc2htLmMKKysrIGIvc3lzL2tlcm4vc3lzdl9zaG0uYwpAQCAtMTIwLDcgKzEy MCw3IEBAIHN0cnVjdCBzaG1tYXBfc3RhdGUgewogfTsKIAogc3RhdGljIHZvaWQgc2htX2RlYWxs b2NhdGVfc2VnbWVudChzdHJ1Y3Qgc2htaWRfa2VybmVsICopOwotc3RhdGljIGludCBzaG1fZmlu ZF9zZWdtZW50X2J5X2tleShrZXlfdCk7CitzdGF0aWMgaW50IHNobV9maW5kX3NlZ21lbnRfYnlf a2V5KGtleV90LCBzdHJ1Y3QgcHJpc29uICopOwogc3RhdGljIHN0cnVjdCBzaG1pZF9rZXJuZWwg KnNobV9maW5kX3NlZ21lbnQoaW50LCBib29sKTsKIHN0YXRpYyBpbnQgc2htX2RlbGV0ZV9tYXBw aW5nKHN0cnVjdCB2bXNwYWNlICp2bSwgc3RydWN0IHNobW1hcF9zdGF0ZSAqKTsKIHN0YXRpYyB2 b2lkIHNobXJlYWxsb2Modm9pZCk7CkBAIC0xMzAsNiArMTMwLDkgQEAgc3RhdGljIGludCBzaG11 bmxvYWQodm9pZCk7CiBzdGF0aWMgdm9pZCBzaG1leGl0X215aG9vayhzdHJ1Y3Qgdm1zcGFjZSAq dm0pOwogc3RhdGljIHZvaWQgc2htZm9ya19teWhvb2soc3RydWN0IHByb2MgKnAxLCBzdHJ1Y3Qg cHJvYyAqcDIpOwogc3RhdGljIGludCBzeXNjdGxfc2htc2VncyhTWVNDVExfSEFORExFUl9BUkdT KTsKK3N0YXRpYyB2b2lkIHNobV9yZW1vdmUoc3RydWN0IHNobWlkX2tlcm5lbCAqLCBpbnQpOwor c3RhdGljIGludCBzaG1fY2hlY2tfcHJpc29uKHN0cnVjdCB1Y3JlZCAqLCBzdHJ1Y3Qgc2htaWRf a2VybmVsICopOworc3RhdGljIHZvaWQgc3lzdnNobV9jbGVhbnVwX2Zvcl9wcmlzb25fbXlob29r KHN0cnVjdCBwcmlzb24gKik7CiAKIC8qCiAgKiBUdW5lYWJsZSB2YWx1ZXMuCkBAIC0xODksMTIg KzE5MiwxMyBAQCBzdGF0aWMgc3RydWN0IHN4IHN5c3ZzaG1zeDsKICNkZWZpbmUJU1lTVlNITV9B U1NFUlRfTE9DS0VEKCkJc3hfYXNzZXJ0KCZzeXN2c2htc3gsIFNBX1hMT0NLRUQpCiAKIHN0YXRp YyBpbnQKLXNobV9maW5kX3NlZ21lbnRfYnlfa2V5KGtleV90IGtleSkKK3NobV9maW5kX3NlZ21l bnRfYnlfa2V5KGtleV90IGtleSwgc3RydWN0IHByaXNvbiAqcHIpCiB7CiAJaW50IGk7CiAKIAlm b3IgKGkgPSAwOyBpIDwgc2htYWxsb2NlZDsgaSsrKQogCQlpZiAoKHNobXNlZ3NbaV0udS5zaG1f cGVybS5tb2RlICYgU0hNU0VHX0FMTE9DQVRFRCkgJiYKKwkJICAgIHNobXNlZ3NbaV0uY3JlZCAm JiBzaG1zZWdzW2ldLmNyZWQtPmNyX3ByaXNvbiA9PSBwciAmJgogCQkgICAgc2htc2Vnc1tpXS51 LnNobV9wZXJtLmtleSA9PSBrZXkpCiAJCQlyZXR1cm4gKGkpOwogCXJldHVybiAoLTEpOwpAQCAt MjcxLDYgKzI3NSw0NSBAQCBzaG1fZGVsZXRlX21hcHBpbmcoc3RydWN0IHZtc3BhY2UgKnZtLCBz dHJ1Y3Qgc2htbWFwX3N0YXRlICpzaG1tYXBfcykKIAlyZXR1cm4gKDApOwogfQogCitzdGF0aWMg dm9pZAorc2htX3JlbW92ZShzdHJ1Y3Qgc2htaWRfa2VybmVsICpzaG1zZWcsIGludCBzZWdudW0p Cit7CisKKwlzaG1zZWctPnUuc2htX3Blcm0ua2V5ID0gSVBDX1BSSVZBVEU7CisJc2htc2VnLT51 LnNobV9wZXJtLm1vZGUgfD0gU0hNU0VHX1JFTU9WRUQ7CisJaWYgKHNobXNlZy0+dS5zaG1fbmF0 dGNoIDw9IDApIHsKKwkJc2htX2RlYWxsb2NhdGVfc2VnbWVudChzaG1zZWcpOworCQlzaG1fbGFz dF9mcmVlID0gc2VnbnVtOworCX0KK30KKworc3RhdGljIGludAorc2htX2NoZWNrX3ByaXNvbihz dHJ1Y3QgdWNyZWQgKmNyZWQsIHN0cnVjdCBzaG1pZF9rZXJuZWwgKnNobXNlZykKK3sKKworCWlm IChzaG1zZWctPmNyZWQgJiYgc2htc2VnLT5jcmVkLT5jcl9wcmlzb24gIT0gY3JlZC0+Y3JfcHJp c29uKQorCQlyZXR1cm4gKEVBQ0NFUyk7CisJcmV0dXJuICgwKTsKK30KKworc3RhdGljIHZvaWQK K3N5c3ZzaG1fY2xlYW51cF9mb3JfcHJpc29uX215aG9vayhzdHJ1Y3QgcHJpc29uICpwcikKK3sK KwlpbnQgaTsKKworCVNZU1ZTSE1fTE9DSygpOworCWZvciAoaSA9IDA7IGkgPCBzaG1hbGxvY2Vk OyBpKyspIHsKKwkJc3RydWN0IHNobWlkX2tlcm5lbCAqc2htc2VnOworCisJCXNobXNlZyA9ICZz aG1zZWdzW2ldOworCQlpZiAoKHNobXNlZy0+dS5zaG1fcGVybS5tb2RlICYgU0hNU0VHX0FMTE9D QVRFRCkgJiYKKwkJICAgIHNobXNlZy0+Y3JlZC0+Y3JfcHJpc29uID09IHByKSB7CisJCQlzaG1f cmVtb3ZlKHNobXNlZywgaSk7CisJCX0KKwl9CisJU1lTVlNITV9VTkxPQ0soKTsKK30KKwogc3Rh dGljIGludAoga2Vybl9zaG1kdF9sb2NrZWQoc3RydWN0IHRocmVhZCAqdGQsIGNvbnN0IHZvaWQg KnNobWFkZHIpCiB7CkBAIC0zNDgsNiArMzkxLDkgQEAga2Vybl9zaG1hdF9sb2NrZWQoc3RydWN0 IHRocmVhZCAqdGQsIGludCBzaG1pZCwgY29uc3Qgdm9pZCAqc2htYWRkciwKIAlzaG1zZWcgPSBz aG1fZmluZF9zZWdtZW50KHNobWlkLCB0cnVlKTsKIAlpZiAoc2htc2VnID09IE5VTEwpCiAJCXJl dHVybiAoRUlOVkFMKTsKKwllcnJvciA9IHNobV9jaGVja19wcmlzb24odGQtPnRkX3VjcmVkLCBz aG1zZWcpOworCWlmIChlcnJvciAhPSAwKQorCQlyZXR1cm4gKGVycm9yKTsKIAllcnJvciA9IGlw Y3Blcm0odGQsICZzaG1zZWctPnUuc2htX3Blcm0sCiAJICAgIChzaG1mbGcgJiBTSE1fUkRPTkxZ KSA/IElQQ19SIDogSVBDX1J8SVBDX1cpOwogCWlmIChlcnJvciAhPSAwKQpAQCAtNDg1LDYgKzUz MSw5IEBAIGtlcm5fc2htY3RsX2xvY2tlZChzdHJ1Y3QgdGhyZWFkICp0ZCwgaW50IHNobWlkLCBp bnQgY21kLCB2b2lkICpidWYsCiAJc3dpdGNoIChjbWQpIHsKIAljYXNlIFNITV9TVEFUOgogCWNh c2UgSVBDX1NUQVQ6CisJCWVycm9yID0gc2htX2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNo bXNlZyk7CisJCWlmIChlcnJvciAhPSAwKQorCQkJcmV0dXJuIChlcnJvcik7CiAJCWVycm9yID0g aXBjcGVybSh0ZCwgJnNobXNlZy0+dS5zaG1fcGVybSwgSVBDX1IpOwogCQlpZiAoZXJyb3IgIT0g MCkKIAkJCXJldHVybiAoZXJyb3IpOwpAQCAtNDk4LDYgKzU0Nyw5IEBAIGtlcm5fc2htY3RsX2xv Y2tlZChzdHJ1Y3QgdGhyZWFkICp0ZCwgaW50IHNobWlkLCBpbnQgY21kLCB2b2lkICpidWYsCiAJ CWJyZWFrOwogCWNhc2UgSVBDX1NFVDoKIAkJc2htaWRwID0gKHN0cnVjdCBzaG1pZF9kcyAqKWJ1 ZjsKKwkJZXJyb3IgPSBzaG1fY2hlY2tfcHJpc29uKHRkLT50ZF91Y3JlZCwgc2htc2VnKTsKKwkJ aWYgKGVycm9yICE9IDApCisJCQlyZXR1cm4gKGVycm9yKTsKIAkJZXJyb3IgPSBpcGNwZXJtKHRk LCAmc2htc2VnLT51LnNobV9wZXJtLCBJUENfTSk7CiAJCWlmIChlcnJvciAhPSAwKQogCQkJcmV0 dXJuIChlcnJvcik7CkBAIC01MDksMTUgKzU2MSwxNCBAQCBrZXJuX3NobWN0bF9sb2NrZWQoc3Ry dWN0IHRocmVhZCAqdGQsIGludCBzaG1pZCwgaW50IGNtZCwgdm9pZCAqYnVmLAogCQlzaG1zZWct PnUuc2htX2N0aW1lID0gdGltZV9zZWNvbmQ7CiAJCWJyZWFrOwogCWNhc2UgSVBDX1JNSUQ6CisJ CWVycm9yID0gc2htX2NoZWNrX3ByaXNvbih0ZC0+dGRfdWNyZWQsIHNobXNlZyk7CisJCWlmIChl cnJvciAhPSAwKQorCQkJcmV0dXJuIChlcnJvcik7CiAJCWVycm9yID0gaXBjcGVybSh0ZCwgJnNo bXNlZy0+dS5zaG1fcGVybSwgSVBDX00pOwogCQlpZiAoZXJyb3IgIT0gMCkKIAkJCXJldHVybiAo ZXJyb3IpOwotCQlzaG1zZWctPnUuc2htX3Blcm0ua2V5ID0gSVBDX1BSSVZBVEU7Ci0JCXNobXNl Zy0+dS5zaG1fcGVybS5tb2RlIHw9IFNITVNFR19SRU1PVkVEOwotCQlpZiAoc2htc2VnLT51LnNo bV9uYXR0Y2ggPD0gMCkgewotCQkJc2htX2RlYWxsb2NhdGVfc2VnbWVudChzaG1zZWcpOwotCQkJ c2htX2xhc3RfZnJlZSA9IElQQ0lEX1RPX0lYKHNobWlkKTsKLQkJfQorCisJCXNobV9yZW1vdmUo c2htc2VnLCBJUENJRF9UT19JWChzaG1pZCkpOwogCQlicmVhazsKICNpZiAwCiAJY2FzZSBTSE1f TE9DSzoKQEAgLTcyNyw3ICs3NzgsNyBAQCBzeXNfc2htZ2V0KHN0cnVjdCB0aHJlYWQgKnRkLCBz dHJ1Y3Qgc2htZ2V0X2FyZ3MgKnVhcCkKIAlpZiAodWFwLT5rZXkgPT0gSVBDX1BSSVZBVEUpIHsK IAkJZXJyb3IgPSBzaG1nZXRfYWxsb2NhdGVfc2VnbWVudCh0ZCwgdWFwLCBtb2RlKTsKIAl9IGVs c2UgewotCQlzZWdudW0gPSBzaG1fZmluZF9zZWdtZW50X2J5X2tleSh1YXAtPmtleSk7CisJCXNl Z251bSA9IHNobV9maW5kX3NlZ21lbnRfYnlfa2V5KHVhcC0+a2V5LCB0ZC0+dGRfdWNyZWQtPmNy X3ByaXNvbik7CiAJCWlmIChzZWdudW0gPj0gMCkKIAkJCWVycm9yID0gc2htZ2V0X2V4aXN0aW5n KHRkLCB1YXAsIG1vZGUsIHNlZ251bSk7CiAJCWVsc2UgaWYgKCh1YXAtPnNobWZsZyAmIElQQ19D UkVBVCkgPT0gMCkKQEAgLTg4Myw2ICs5MzQsNyBAQCBzaG1pbml0KHZvaWQpCiAJc3hfaW5pdCgm c3lzdnNobXN4LCAic3lzdnNobXN4Iik7CiAJc2htZXhpdF9ob29rID0gJnNobWV4aXRfbXlob29r OwogCXNobWZvcmtfaG9vayA9ICZzaG1mb3JrX215aG9vazsKKwlzeXN2c2htX2NsZWFudXBfZm9y X3ByaXNvbl9ob29rID0gJnN5c3ZzaG1fY2xlYW51cF9mb3JfcHJpc29uX215aG9vazsKIAogCWVy cm9yID0gc3lzY2FsbF9oZWxwZXJfcmVnaXN0ZXIoc2htX3N5c2NhbGxzKTsKIAlpZiAoZXJyb3Ig IT0gMCkKQEAgLTkyMyw2ICs5NzUsNyBAQCBzaG11bmxvYWQodm9pZCkKIAlmcmVlKHNobXNlZ3Ms IE1fU0hNKTsKIAlzaG1leGl0X2hvb2sgPSBOVUxMOwogCXNobWZvcmtfaG9vayA9IE5VTEw7CisJ c3lzdnNobV9jbGVhbnVwX2Zvcl9wcmlzb25faG9vayA9IE5VTEw7CiAJc3hfZGVzdHJveSgmc3lz dnNobXN4KTsKIAlyZXR1cm4gKDApOwogfQpAQCAtOTc3LDYgKzEwMzAsOSBAQCBvc2htY3RsKHN0 cnVjdCB0aHJlYWQgKnRkLCBzdHJ1Y3Qgb3NobWN0bF9hcmdzICp1YXApCiAJCVNZU1ZTSE1fVU5M T0NLKCk7CiAJCXJldHVybiAoRUlOVkFMKTsKIAl9CisJZXJyb3IgPSBzaG1fY2hlY2tfcHJpc29u KHRkLT50ZF91Y3JlZCwgc2htc2VnKTsKKwlpZiAoZXJyb3IgIT0gMCkKKwkJcmV0dXJuIChlcnJv cik7CiAJZXJyb3IgPSBpcGNwZXJtKHRkLCAmc2htc2VnLT51LnNobV9wZXJtLCBJUENfUik7CiAJ aWYgKGVycm9yICE9IDApIHsKIAkJU1lTVlNITV9VTkxPQ0soKTsKZGlmZiAtLWdpdCBhL3N5cy9z eXMvaXBjLmggYi9zeXMvc3lzL2lwYy5oCmluZGV4IGU2NDNkNDguLmE1M2E4NTEgMTAwNjQ0Ci0t LSBhL3N5cy9zeXMvaXBjLmgKKysrIGIvc3lzL3N5cy9pcGMuaApAQCAtMTI2LDYgKzEyNiw3IEBA IHN0cnVjdCBpcGNfcGVybSB7CiBzdHJ1Y3QgdGhyZWFkOwogc3RydWN0IHByb2M7CiBzdHJ1Y3Qg dm1zcGFjZTsKK3N0cnVjdCBwcmlzb247CiAKICNpZiBkZWZpbmVkKENPTVBBVF9GUkVFQlNENCkg fHwgZGVmaW5lZChDT01QQVRfRlJFRUJTRDUpIHx8IFwKICAgICBkZWZpbmVkKENPTVBBVF9GUkVF QlNENikgfHwgZGVmaW5lZChDT01QQVRfRlJFRUJTRDcpCkBAIC0xMzMsOSArMTM0LDEzIEBAIHZv aWQJaXBjcGVybV9vbGQybmV3KHN0cnVjdCBpcGNfcGVybV9vbGQgKiwgc3RydWN0IGlwY19wZXJt ICopOwogdm9pZAlpcGNwZXJtX25ldzJvbGQoc3RydWN0IGlwY19wZXJtICosIHN0cnVjdCBpcGNf cGVybV9vbGQgKik7CiAjZW5kaWYKIAordm9pZCBpcGNfY2xlYW51cF9mb3JfcHJpc29uKHN0cnVj dCBwcmlzb24gKik7CiBpbnQJaXBjcGVybShzdHJ1Y3QgdGhyZWFkICosIHN0cnVjdCBpcGNfcGVy bSAqLCBpbnQpOwogZXh0ZXJuIHZvaWQgKCpzaG1mb3JrX2hvb2spKHN0cnVjdCBwcm9jICosIHN0 cnVjdCBwcm9jICopOwogZXh0ZXJuIHZvaWQgKCpzaG1leGl0X2hvb2spKHN0cnVjdCB2bXNwYWNl ICopOworZXh0ZXJuIHZvaWQgKCpzeXN2c2htX2NsZWFudXBfZm9yX3ByaXNvbl9ob29rKShzdHJ1 Y3QgcHJpc29uICopOworZXh0ZXJuIHZvaWQgKCpzeXN2bXNxX2NsZWFudXBfZm9yX3ByaXNvbl9o b29rKShzdHJ1Y3QgcHJpc29uICopOworZXh0ZXJuIHZvaWQgKCpzeXN2c2VtX2NsZWFudXBfZm9y X3ByaXNvbl9ob29rKShzdHJ1Y3QgcHJpc29uICopOwogCiAjZWxzZSAvKiAhIF9LRVJORUwgKi8K IAo= --001a114e5992f93c6d0517ccc075-- From owner-freebsd-jail@FreeBSD.ORG Fri Jun 5 23:53:54 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6B9DE632 for ; Fri, 5 Jun 2015 23:53:54 +0000 (UTC) (envelope-from mjguzik@gmail.com) Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 022A91848 for ; Fri, 5 Jun 2015 23:53:54 +0000 (UTC) (envelope-from mjguzik@gmail.com) Received: by wigg3 with SMTP id g3so1086888wig.1 for ; Fri, 05 Jun 2015 16:53:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=Jn0ACdNXrc6YXwu7Xzbw7DFjt1gCBo8wKScg8rA1bAU=; b=yiDePHCz5SEykOm/DVAv3fTlzxQQwAZSSFWKdbwoAeY/OmsQ5unxKs7vOsRgIaQDGc WzOBuisWwHdgVVAO/0GTvs9QgAFWzTXmq7yKEvOwUpLtn6AkK2hh/ClhRifWPSBye+7g +QEZjprmje+gSxAS2MDp3u3entEY4bQJPPsfki3xaS+Ti3kZz5tU+vjvu3ffIhxCamlr DgXcmH3HMp9X2VN5uqfHLmpFToz/KdJLesVPrtgTID1ETpwKXL+PW/y7eyfl0CTSW2/w qxwHPedo4vPGvoosGvtO/5azDMl8wiYKizpGlcAZwRP61R+slIjCgAs7cXY7ewgy5YkU w8/w== X-Received: by 10.180.37.229 with SMTP id b5mr1208171wik.16.1433548432523; Fri, 05 Jun 2015 16:53:52 -0700 (PDT) Received: from dft-labs.eu (n1x0n-1-pt.tunnel.tserv5.lon1.ipv6.he.net. [2001:470:1f08:1f7::2]) by mx.google.com with ESMTPSA id df1sm44920wib.12.2015.06.05.16.53.50 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Fri, 05 Jun 2015 16:53:51 -0700 (PDT) Date: Sat, 6 Jun 2015 01:53:48 +0200 From: Mateusz Guzik To: kikuchan Cc: freebsd-jail@freebsd.org Subject: Re: [patch] separate SysV IPC namespace for jail Message-ID: <20150605235348.GA9965@dft-labs.eu> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2015 23:53:54 -0000 On Sat, Jun 06, 2015 at 07:24:21AM +0900, kikuchan wrote: > Hello, > > I want to run multiple instances of PostgreSQL with jail. > > Changing UID is not suitable for my case, > so I created a simple patch for stable/10 to separate SysV IPC > namespace for each jail. > > In contrast to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471 , > this patch comes with; > - All objects are visible by ipcs(1) whether in jails or not. > - Trying to access the objects beyond the jail will be rejected with EACCES. > - Treat (key_t, prison) pair as the key for a named object. > - Very simple implementation; I just added to check > msqkptr->cred->cr_prison == td->td_ucred->cr_prison, for example. > > Is this approach suitable for FreeBSD kernel? > > If you find it is useful, or bugs, please let me know. > > P.S. > There is no way to know from userland which jails own the objects, so far. > I don't like this approach. I would expect completely separate namespaces. Extending struct prison with relevant pointers and updating the code to look at them is mostly mechanical work, but making it committable requires fixing some deficiencies and answering some questions. First off with the support for multi-level jails, jailing is no longer a privileged operation. There are documented harmless races related to that, but it is unclear if they transform into something serious with sysvipc involved. Single-threading the process for jailing should be fine. Address space can be shared between multiple jails, what happens if such a pair ends up in different jails? Preferably such a scenario would be prohibited to avoid future accidents. What about existing sysvshm mappings when jailing? -- Mateusz Guzik