Date:      Tue, 4 Apr 2006 04:50:47 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Daniel Eischen <deischen@freebsd.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: [HACKERS] semaphore usage "port based"?
Message-ID:  <20060403185046.GC683@turion.vk2pj.dyndns.org>
In-Reply-To: <Pine.GSO.4.43.0604030817090.21105-100000@sea.ntplx.net>
References:  <20060403043711.GB76193@heff.fud.org.nz> <Pine.GSO.4.43.0604030817090.21105-100000@sea.ntplx.net>

On Mon, 2006-Apr-03 08:19:00 -0400, Daniel Eischen wrote:
>I don't really see what the problem is.  ESRCH seems perfectly
>reasonable for trying to kill (even sig 0) a process from a
>different jail.  If you're in a jail, then you shouldn't have
>knowledge of processes from other jails.

I agree in general.  The problem here is that SysV IPC isn't
jail-aware - there's a single SysV IPC address space across the
physical system.  This confuses (eg) postgres because it can
see the SHM for a postgres instance in another jail but kill(2)
claims that the process associated with that SHM doesn't exist.

There appear to be two solutions:
1) Add a sysctl to change cr_cansignal() and/or prison_check() to
   make processes visible between jails.
2) Change SysV IPC to be jail-aware.

The former is trivial - but has a number of security implications.
The latter is much harder, there is apparently a RELENG_4 patch in
kern/48471 but it's not clear how much work would be necessary to
bring it up to scratch.

-- 
Peter Jeremy
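
The liveness check described in the message above, as an added example that is not part of the original e-mail and is not PostgreSQL or FreeBSD code: it reads the pid recorded in a SysV shared memory segment and probes it with kill(pid, 0), which is where an ESRCH from another jail becomes indistinguishable from a dead owner. The function and enum names are hypothetical, and using the creator pid (shm_cpid) as "the process associated with that SHM" is an assumption.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names: what a caller can conclude about the recorded pid. */
enum owner_state { OWNER_ALIVE, OWNER_NOT_VISIBLE, OWNER_UNKNOWN };

/* kill(pid, 0) sends nothing; it only runs the existence/permission checks. */
enum owner_state probe_pid(pid_t pid)
{
    if (pid <= 0)
        return OWNER_UNKNOWN;        /* 0 and negatives address process groups */
    if (kill(pid, 0) == 0 || errno == EPERM)
        return OWNER_ALIVE;          /* exists, even if we may not signal it */
    if (errno == ESRCH)
        return OWNER_NOT_VISIBLE;    /* dead, or hidden in another jail */
    return OWNER_UNKNOWN;
}

/* Read the creator pid stored in the segment and probe it.
 * Returns -1 if the segment itself cannot be inspected. */
int segment_owner_state(int shmid, pid_t *creator)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;
    if (creator)
        *creator = ds.shm_cpid;
    return probe_pid(ds.shm_cpid);
}

int main(void)
{
    /* Constructed input: a private segment created by this process. */
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600), st;
    pid_t creator = 0, child;
    if (id == -1) { perror("shmget"); return 1; }
    st = segment_owner_state(id, &creator);
    printf("segment %d creator %ld state %d\n", id, (long)creator, st);
    shmctl(id, IPC_RMID, NULL);
    child = fork();                  /* a reaped child yields ESRCH */
    if (child == 0) _exit(0);
    if (child > 0) { waitpid(child, NULL, 0); printf("reaped child state %d\n", probe_pid(child)); }
    return 0;
}
```

A caller that treats OWNER_NOT_VISIBLE as "segment is stale" is correct on a single host but not when the segment is visible from a jail that hides the owning process.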
