On Tue, 2006-08-22 at 11:02 +0100, Alan Cox wrote: > Ar Llu, 2006-08-21 am 18:45 -0700, ysgrifennodd Rohit Seth: > > I think as the tasks move around, it becomes very heavy to move all the > > pages belonging to previous container to a new container. > > Its not a meaningful thing to do. Remember an object may be passed > around or shared. The simple "creator pays" model avoids all the heavy > overheads while maintaining the constraints.
Hi, there is one issue with the "creator pays" model: if the creator can decide to die/go away/respawn then you can create orphan resources. This is a leak at least, but if a malicious user can control the death/respawn cycle it can even be abused to bypass the controls in the first place. Keeping the owner alive until all shared users are gone is not always a good idea either; if a container significantly malfunctions (or requires a restart due to, say, a very urgent glibc security update), keeping it around anyway is not a valid option for the admin. (And it forms another opportunity for a malicious user, keep a (vulnerable) container alive by hanging on to a shared resource deliberately) A general "unshare me out" function that finds a new to-blame owner might work, just the decision whom to blame is not an easy one in that scenario. Greetings, Arjan van de Ven -- if you want to mail me at work (you don't), use arjan (at) linux.intel.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ ckrm-tech mailing list https://lists.sourceforge.net/lists/listinfo/ckrm-tech
