Date: Mon, 19 Oct 2009 18:38:17 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 169603 for review Message-ID: <200910191838.n9JIcHo6000739@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=169603 Change 169603 by trasz@trasz_victim on 2009/10/19 18:38:00 Fix comments and HRL_HC_PARENTS_MAX value. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#40 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#40 (text+ko) ==== @@ -63,7 +63,7 @@ */ struct hrl_rule { int hr_subject_type; -#if 1 +#ifdef DIAGNOSTIC struct { #else union { @@ -123,20 +123,28 @@ #define HRL_AMOUNT_UNDEFINED -1 -#define HRL_HC_PARENTS_MAX 32 +/* + * Processes may have at most three parent containers - prison, uidinfo, + * and loginclass. Other subjects have less - struct prison may have only + * one parent container, loginclass and uidinfo structures have none. + * This may change when - and if - we add per-group resource limits. + */ +#define HRL_HC_PARENTS_MAX 3 /* * 'hrl_container' defines resource consumption for a particular * subject, such as process or jail. Containers form a graph - each * container has zero or more subcontainers and zero or more * "containing" containers (parents). For example, container for - * an uidinfo can have several subcontainers for processes for that + * an uidinfo can have several subcontainers for processes of that * user. On the other hand, each process can have several containing - * containers, one per every group this process belongs to. + * containers - one for jail the process is in, one for the user, + * one for every group this process belongs to (note that per-group + * limits are not implemented yet). * * Every process has exactly one container assigned to it. Containers - * for other objects are created when there is a rule which requires it. - * For example, uidinfo will have container assigned only if there + * for other objects are initialized when there is a rule which requires + * it. For example, uidinfo will have container assigned only if there * is a rule this uidinfo is subject to, and 'hr_per' for this rule * is HRL_SUBJECT_TYPE_USER. */ @@ -146,7 +154,7 @@ }; /* - * 'hrl_limit' connects rule with every subject it's related to. + * 'hrl_limit' connects a rule with every subject it's related to. * For example, rule 'user:X:openfiles:deny=N/process' is linked * with uidinfo for user X, and to each process of that user. */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910191838.n9JIcHo6000739>