Date:      Fri, 1 Dec 2006 12:43:41 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Steven Hartland <killing@multiplay.co.uk>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-hackers@freebsd.org
Subject:   Re: Unable to stop a jail
Message-ID:  <20061201124226.O79653@fledge.watson.org>
In-Reply-To: <011c01c7153d$9c5e1bb0$b3db87d4@multiplay.co.uk>
References:  <00c001c71535$7e7d7670$b3db87d4@multiplay.co.uk><20061201104809.P91892@maildrop.int.zabbadoz.net> <20061201111209.M79653@fledge.watson.org> <011c01c7153d$9c5e1bb0$b3db87d4@multiplay.co.uk>


On Fri, 1 Dec 2006, Steven Hartland wrote:

>> In essence, this would move to having two reference counts on the prison: a 
>> "strong" reference that has to do with having process members, and a "weak" 
>> reference that has to do with ucreds pointing at the prison.
>
> The proposal sounds like a good idea but I'm sure there's an argument that 
> would say that's just hiding the real underlying issue?

Well, there are two things going on here:

(1) Jails that last a long time due to being referenced by data structures
     that last a long time.  I.e., time-wait TCP connections.

(2) Leaks in credentials or jails resulting in jails that never go away.

What I describe is intended to address the former issue, which is one that 
exists for a reason.  The latter issues are clearly bugs and just need to be 
fixed.

Robert N M Watson
Computer Laboratory
University of Cambridge


