From: Julian Elischer <julian@elischer.org>
Date: Wed, 07 Jun 2006 23:07:41 +0800
To: Alex Lyashkov
Cc: Robert Watson, freebsd-arch@freebsd.org
Subject: Re: jail extensions
Message-ID: <4486EBBD.3090404@elischer.org>
In-Reply-To: <1149692184.3224.208.camel@berloga.shadowland>
References: <1149610678.4074.42.camel@berloga.shadowland> <448633F2.7030902@elischer.org> <20060607095824.W53690@fledge.watson.org> <200606070819.04301.jhb@freebsd.org> <4486E41B.4000003@elischer.org> <1149692184.3224.208.camel@berloga.shadowland>

Alex Lyashkov wrote:
>> Marco's work is somewhat similar.
>> All globals related to the network are moved to structures that can be
>> duplicated.
>>
>> The base system also uses this structure so that in effect the base
>> system is just another instance of the virtual machines.
>> The biggest obstacle is that the 4.x based version just put everything
>> into one structure, meaning that it only worked when all the components
>> affected were compiled into the kernel. None of them could be implemented
>> as a loadable kernel module. This has become much more important in 6.x.
>>
>> There is a way to allow this to work but it would require that we
>> implement a kernel version of the idea used for TLS (Thread Local
>> Storage), so that modules being loaded could be added to all the
>> existing VMs and new VMs could get instances of all loaded modules
>> (and so that a module could not be unloaded until all VMs have
>> destroyed their instance).
>>
> It can be created easily. Each module can have its own private data and
> register init/destroy methods, similar to the SYSINIT macro.
> The prison will need to add an array to store pointers to module data.
> Yes, it possibly needs more memory, but it is easy to implement.
>

"Easy" if you are writing something from scratch and you want it to not be
able to be compiled the old way too.
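The registry both messages above describe, as an added example that is not part of the original thread and not FreeBSD's or Marco's own code: a userland C model of the "kernel TLS" idea. It combines Julian's three requirements (a module loaded later is added to every existing VM, a new VM gets an instance of every loaded module, and a module cannot be unloaded until every VM has destroyed its instance) with Alex's sketch (each module registers private data plus init/destroy methods, and each prison holds an array of pointers to module data). The names vmod, vnet, ipcount and every function name are this example's own assumptions and do not correspond to any FreeBSD API; the packet-counter module is constructed for the example.

```c
/* Added example, not code from the thread or from FreeBSD's vimage work: a
 * userland model of the per-module, per-virtual-stack data registry the
 * reply describes. Names (vmod, vnet, ipcount) are this example's own. */
#include <stdlib.h>

#define MAX_MODULES 8
#define MAX_VNETS   8

struct vmod {                    /* what a loadable module registers */
    size_t size;                 /* bytes of private data per vnet */
    int (*init)(void *priv);     /* run on each new instance */
    void (*destroy)(void *priv); /* run before an instance is freed */
    int refs;                    /* live instances; must be 0 to unload */
};
struct vnet {                    /* one virtual stack; vnet 0 is the base system */
    void *slot[MAX_MODULES];     /* private data, indexed by module slot */
    int active;
};
static struct vmod *modules[MAX_MODULES];
static struct vnet vnets[MAX_VNETS];

/* Give vnet v its own instance of module idx. */
static int vnet_attach(struct vnet *v, int idx)
{
    struct vmod *m = modules[idx];
    void *p = calloc(1, m->size);
    if (p == NULL || (m->init != NULL && m->init(p) != 0)) { free(p); return -1; }
    v->slot[idx] = p;
    m->refs++;
    return 0;
}

/* Tear down vnet v's instance of module idx and drop the module's reference. */
static void vnet_detach(struct vnet *v, int idx)
{
    if (v->slot[idx] == NULL) return;
    if (modules[idx]->destroy != NULL) modules[idx]->destroy(v->slot[idx]);
    free(v->slot[idx]);
    v->slot[idx] = NULL;
    modules[idx]->refs--;
}

/* Load: claim a slot, instantiate in every live vnet, roll back if any fails. */
int vmod_load(struct vmod *m)
{
    int idx, i, j;
    for (idx = 0; idx < MAX_MODULES && modules[idx] != NULL; idx++) ;
    if (idx == MAX_MODULES) return -1;
    modules[idx] = m;
    m->refs = 0;
    for (i = 0; i < MAX_VNETS; i++) {
        if (!vnets[i].active || vnet_attach(&vnets[i], idx) == 0) continue;
        for (j = 0; j < i; j++) if (vnets[j].active) vnet_detach(&vnets[j], idx);
        modules[idx] = NULL;
        return -1;
    }
    return idx;
}

/* Unload: refused (EBUSY, in kernel terms) while any vnet holds an instance. */
int vmod_unload(int idx)
{
    if (idx < 0 || idx >= MAX_MODULES || modules[idx] == NULL) return -1;
    if (modules[idx]->refs > 0) return -1;
    modules[idx] = NULL;
    return 0;
}

/* Destroy: detach every loaded module's instance, then free the vnet. */
void vnet_destroy(int i)
{
    for (int idx = 0; idx < MAX_MODULES; idx++)
        if (modules[idx] != NULL) vnet_detach(&vnets[i], idx);
    vnets[i].active = 0;
}

/* Create: the new vnet receives an instance of every module already loaded.
 * Slots are NULL here by construction: detach clears them and unload needs refs == 0. */
int vnet_create(void)
{
    int i;
    for (i = 0; i < MAX_VNETS && vnets[i].active; i++) ;
    if (i == MAX_VNETS) return -1;
    vnets[i].active = 1;
    for (int idx = 0; idx < MAX_MODULES; idx++)
        if (modules[idx] != NULL && vnet_attach(&vnets[i], idx) != 0) { vnet_destroy(i); return -1; }
    return i;
}

/* The "TLS lookup": one module's private data inside one vnet. */
void *vnet_data(int vnet, int idx) { return vnets[vnet].slot[idx]; }

/* Sample module, constructed for this example: a per-stack packet counter. */
struct ipcount { unsigned long packets; };
static int ipcount_init(void *p) { ((struct ipcount *)p)->packets = 0; return 0; }
struct vmod ipcount_mod = { sizeof(struct ipcount), ipcount_init, NULL, 0 };
```

Typical lifecycle: call vnet_create() once for the base system (it becomes vnet 0, so the base really is just another instance), vmod_load(&ipcount_mod) to load the module (vnet 0 gets a counter immediately), vnet_create() again for a jail (it gets its own counter because the module is already loaded), and then vmod_unload() fails with -1 until both vnets have been passed to vnet_destroy(). The refs counter in struct vmod is what enforces Julian's "no unload while instances exist" rule; a kernel version would additionally need a lock around the modules and vnets tables, which this userland model omits.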