Date: Sat, 10 Jun 2006 22:52:44 +0300 From: Alex Lyashkov <shadow@psoft.net> To: Julian Elischer <julian@elischer.org> Cc: Robert Watson <rwatson@freebsd.org>, freebsd-arch@freebsd.org Subject: Re: jail extensions Message-ID: <1149969164.3215.66.camel@berloga.shadowland> In-Reply-To: <44897693.5050306@elischer.org> References: <1149610678.4074.42.camel@berloga.shadowland> <448633F2.7030902@elischer.org> <20060607095824.W53690@fledge.watson.org> <200606070819.04301.jhb@freebsd.org> <4486E41B.4000003@elischer.org> <1149692184.3224.208.camel@berloga.shadowland> <4486EBBD.3090404@elischer.org> <1149757290.3222.44.camel@berloga.shadowland> <1149786697.3222.91.camel@berloga.shadowland> <44897693.5050306@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=F7 =F0=D4=CE, 09.06.2006, =D7 16:24, Julian Elischer =D0=C9=DB=C5=D4: > Alex Lyashkov wrote: >=20 > >>2) at MOD_LOAD case run loop for each prisons and init private data for > >>this module at all contexts. At this way module always 'exist' at all > >>contexts. > >>and disable module compiling (loading) when module don`t marked jail > >>safe. > >> =20 > >> > >example for this way. > >http://cvs.freevps.com/index.cgi/kernel/include/linux/freevps/s_context_= xfrm.h?rev=3D1.3 > >http://cvs.freevps.com/index.cgi/kernel/net/ipv4/ah4.c?rev=3D1.3 > >ah4_init/ah4_fini functions. > > =20 > > >=20 > this is the bit that is obvious. >=20 > The hard bit is the non obvious difficulty of changing all existing=20 > modules in such away that > they can be compiled both in the new way, and in a way that they are=20 > still compiled to the old way. >=20 > You need to put all the currently global variables into a structure that=20 > can be instantiated > for each jail, but in order to make this continue to work in the=20 > existing system, they still need to > be compiled as a global when the normal buold is made. >=20 > for this reason Marco and I were looking at various macros that can be=20 > defined to > allow the variables to be compiled both ways. >=20 > For example : >=20 >=20 > int xx; > static int yy; > struct a { > int aa; > int bb; > } cc; >=20 > might become: >=20 > VM_GLOBAL_START(modname) > int xx; > VMG_STATIC int yy; > struct a { > int aa; > int bb; > } cc; > VM_GLOBAL_STOP(modname) >=20 >=20 > You would access these as: > VM_GLOBAL(modname, yy) =3D 2 > foobar( VM_GLOBAL_STRUCT(cc, modname)->bb); >=20 > or similar. >=20 >=20 >=20 And I can`t find any benefits of give up old way when create=20 per module=20 struct module_data_$name { int xx; int yy; struct a { int aa; int bb; } cc; }; and use access as $name_data(context, yy) =3D 2. for non jail kernel it`s should be converted to always access via prison0.=20 main difficulty is convert access to variables to use macros, not are create struct. is anybody can review my patch and point me any wrong parts ? --=20 Alex Lyashkov <shadow@psoft.net>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1149969164.3215.66.camel>