Date: Thu, 8 Jun 2006 12:32:42 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: Alex Lyashkov <shadow@psoft.net>, Julian Elischer <julian@elischer.org>, freebsd-arch@freebsd.org Subject: Re: jail extensions Message-ID: <20060608123125.W26068@fledge.watson.org> In-Reply-To: <20060607160850.GB18940@odin.ac.hmc.edu> References: <1149610678.4074.42.camel@berloga.shadowland> <448633F2.7030902@elischer.org> <20060607095824.W53690@fledge.watson.org> <200606070819.04301.jhb@freebsd.org> <20060607160850.GB18940@odin.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Jun 2006, Brooks Davis wrote: > It's not clear to me that we want to use the same containers to control all > resouces since you might want a set of jails sharing IPC resources or being > allocated a slice of processor time to divide amongst them selves if we had > a hierarchical scheduler. That said, using a single prison structure could > do this if we allowed the administrator to specifiy a hierarchy of prisons > and not necessicairly enclose all resources in all prisons. When looking at improved virtualization support for things like System V IPC, my opinion has generally been that we introduce virtualization as a primitive, and then have jail use the primitive much in the same way it does chroot. This leaves flexibility to use it without jail, etc, but means we have a well-understood and well-defined interaction with jail. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060608123125.W26068>