Date: Fri, 26 Nov 2004 20:38:00 +0100 From: Koen Martens <fbsd@metro.cx> To: freebsd-hackers@freebsd.org Subject: Jail + sysv shmem Message-ID: <20041126193800.GB11747@metro.cx>
next in thread | raw e-mail | index | archive | help
--rJwd6BRFiFCcLxzm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello Hackers,
For a while i've been wanting shared memory to be usable withing jails,
but with cross-jail protection. Ie. shared memory is restricted to a
jail.=20
Recently I've been digging a bit in the freebsd kernel source code
(which is new to me, been doing quite some linux kernel hacking though).
It looks like this is actually not _that_ difficult to implement.=20
So, did anyone try this yet? Any pointers?
I think it can be done by putting the jail id in struct ipc_perm (in
sys/ipc.h), and then basically editing sysv_{msg,sem,shm}.c to extend
these checks that are all over there:
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
Does that sound ok?
Kind regards,
Koen
--=20
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
--rJwd6BRFiFCcLxzm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBp4YXktDgRrkFPpYRAqb6AJ9J3Kak1sSOrgOM3TmKOE/fQ3AOUACguWGr
qSJnuFD2ViN7nhgrSMAfbdQ=
=j4mc
-----END PGP SIGNATURE-----
--rJwd6BRFiFCcLxzm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041126193800.GB11747>