Date: Mon, 15 Jun 2015 17:32:45 +0000 From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: kikuchan@uranus.dti.ne.jp Cc: freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org Subject: Re: How to implement jail-aware SysV IPC (with my nasty patch) Message-ID: <C550B753-C8DE-4504-BC8C-DE2E92E163E7@lists.zabbadoz.net> In-Reply-To: <beed5db2dd2638359e2d71387a3e2885@imap.cm.dream.jp> References: <cc18282ebe394476120a139239225782@imap.cm.dream.jp> <2B7AA933-CB74-4737-8330-6E623A31C6DA@lists.zabbadoz.net> <beed5db2dd2638359e2d71387a3e2885@imap.cm.dream.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 15 Jun 2015, at 17:10 , kikuchan@uranus.dti.ne.jp wrote: >=20 > On Mon, 15 Jun 2015 09:53:53 +0000, "Bjoern A. Zeeb" = <bzeeb-lists@lists.zabbadoz.net> wrote: >> Hi, >>=20 >> removed hackers, added virtualization. >>=20 >>=20 >>> On 12 Jun 2015, at 01:17 , kikuchan@uranus.dti.ne.jp wrote: >>>=20 >>> Hello, >>>=20 >>> I=E2=80=99m (still) trying to figure out how jail-aware SysV IPC = mechanism should be. >>=20 >> The best way probably is to finally get the =E2=80=9Ccommon=E2=80=9D = VIMAGE framework into HEAD to allow easy virtualisation of other = services. That work has been sitting in perforce for a few years and = simply needs updating for sysctls I think. >>=20 >> Then use that to virtualise things and have a vipc like we have = vnets. The good news is that you have identified most places and have = the cleanup functions already so it=E2=80=99d be a matter of = transforming your changes (assuming they are correct and working fine; = haven=E2=80=99t actually read the patch in detail;-) to the different = infrastructure. And that=E2=80=99s the easiest part. >>=20 >>=20 >> Bjoern >=20 > Hi Bjoern, > Thank you for your reply. >=20 > The "common" VIMAGE framework sounds good, I really want it. >=20 > I want to know what the IPC system looks like for user-land after = virtualized, > and what happen if vnet like vipc is implemented. >=20 > For example, jail 1, 2, 3 join vipc group A, and jail 4, 5, 6 join = vipc group B ?? > Hmm, it looks good. That=E2=80=99s not exactly how it works currently and I think the mixing = of options will be harder and something we=E2=80=99l have to figure out = more carefully. You would be able to say jail 1 has a vipc and jail 2 and 3 and =E2=80=9Cc= hild jails=E2=80=9D and inherit it. (similar for 4 + 5,6) so it=E2=80=99s= nested but not side-by-side. If we want more of the =E2=80=9Cmixing=E2=80=9D and independentness = we=E2=80=99ll have to re-think the way we =E2=80=9Cmanage=E2=80=9D = jails. Bjoern=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C550B753-C8DE-4504-BC8C-DE2E92E163E7>