Date:      Wed, 25 Jun 2003 13:26:28 -0400 (EDT)
From:      Robert Watson <rwatson@freebsd.org>
To:        Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: Jailed sysvipc implementation.
Message-ID:  <Pine.NEB.3.96L.1030625132446.57143A-100000@fledge.watson.org>
In-Reply-To: <20030624164602.GW7587@garage.freebsd.pl>

On Tue, 24 Jun 2003, Pawel Jakub Dawidek wrote:

> Some time ago I've implemented private memory zones for IPC mechanism.
> Every jail and main host got its own memory for IPC operations.
> It was implemented for FreeBSD 4.x. Available at:
> 
> 	http://garage.freebsd.pl/privipc.tbz
> 	http://garage.freebsd.pl/privipc.README
> 
> I want to port this to FreeBSD 5.x, but with many improvements.  Because
> of that there are a few things to talk about and I'm curious if anyone
> will be interested in answering my questions and at the end committing
> this to -CURRENT. 
> 
> Patch will not be a "fast hack" so the best way will be committing this
> in parts. I got already working sysvipv_msg mechanism. 
> 
> So if anyone is interested, please inform me and I'll ask my
> questions and I'll send also what I got now. 

We have some initial patches that wrap the user ipcperm structure in a
kernel-specific structure, which we use to add a MAC label.  It would be
easy to also add a prison pointer.  We probably won't get to merging this
patch for a couple of weeks, but it's worth keeping in mind. 

  http://www.watson.org/~robert/freebsd/mac_sysvipc.diff

This needs style cleanup, bug fixing, testing, etc, but it's the direction
we're pushing in for MAC right now.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
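
The wrapping idea described in this message, as an added user-space C sketch (not code from mac_sysvipc.diff, privipc.tbz, or either author). Every struct, field and function name below is hypothetical; it models a kernel-only wrapper around the user-visible permission structure carrying a MAC label slot and a prison pointer, with the prison checked on both key lookup and id access.

```c
/* User-space model with hypothetical names; not FreeBSD kernel code. */
#include <stddef.h>
struct prison { int pr_id; };   /* stand-in for a jail record */
struct label  { int l_tag; };   /* stand-in for a MAC label */
struct ipc_perm_user { unsigned cuid, uid, mode; long key; }; /* userland view */

struct ipc_perm_kern {          /* kernel-only wrapper, never copied out */
    struct ipc_perm_user u;     /* the part exported to userland */
    struct label  *label;       /* MAC label slot */
    struct prison *prison;      /* owning jail; NULL means the host */
    int in_use;
};

#define NQUEUES 8
static struct ipc_perm_kern queues[NQUEUES];

/* Key lookup only sees objects owned by the caller's prison. */
static int ipc_lookup(const struct prison *caller, long key)
{
    for (int i = 0; i < NQUEUES; i++)
        if (queues[i].in_use && queues[i].prison == caller && queues[i].u.key == key)
            return i;
    return -1;
}

/* Return the caller's object for this key, creating it if it is missing. */
static int ipc_get(struct prison *caller, long key, unsigned uid)
{
    int id = ipc_lookup(caller, key);
    for (int i = 0; id < 0 && i < NQUEUES; i++) {
        if (queues[i].in_use) continue;
        queues[i] = (struct ipc_perm_kern){ .u = { uid, uid, 0600, key },
            .label = NULL, .prison = caller, .in_use = 1 };
        id = i;
    }
    return id;                  /* -1 when the table is full */
}

/* Ids are small integers in this model, so access by id repeats the check. */
static int ipc_access(const struct prison *caller, int id)
{
    if (id < 0 || id >= NQUEUES || !queues[id].in_use) return -1;
    return queues[id].prison == caller ? 0 : -1;
}

int main(void)
{
    struct prison j1 = {1}, j2 = {2};
    int a = ipc_get(&j1, 0x1234, 0), b = ipc_get(&j2, 0x1234, 0);
    return !(a != b && ipc_access(&j2, a) == -1);
}
```

The same key resolves to a different object in each jail and on the host, and an id obtained in one jail is refused in another.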



