On Sun, Nov 28, 2004 at 12:00:58PM +0000, [EMAIL PROTECTED] wrote: > From: Justin Hopper <[EMAIL PROTECTED]> > > I know that Pawel @ http://garage.freebsd.pl has a patch for making > private SysV IPC memory spaces for the host system and each jail: > > http://garage.freebsd.pl/privipc.README > > The patch is against 4.x though, and I've never tried it. I would > really like to see something like this implemented for 5.x though. Does > anyone know if there are plans to implement this in the future 5.x > releases? If not, I would be interested in helping anyone that wishes > to try implementing this in 5.3 soon, as we have a lot of clients who > ask for SysV IPC inside of jailed hosting environments.
Interesting, I will download that and see if it is of any help in my effort to implementing this in freebsd 5.x. Thanks for the pointer. > ------------------------------ > > Date: Sun, 28 Nov 2004 18:21:06 +1100 > From: Peter Jeremy <[EMAIL PROTECTED]> > > The sysadmin is likely to need access to: > 1) look at SysV IPC usage across the entire system > 2) clean up after a process has died unexpectedly. > > Whilst it's possible for the sysadmin to enter the relevant jail and > look at what is used in that jail, it's very difficult to get an > overall view of the system in this way - especially if there are lots > of jails. Hmm, there is a trade-off: ease of maintenance vs security. I personally would not want to have the host system to have access to the jail systems by IPC. It seems reasonable to make this a sysctl (which can only be set at boot time). > Robert Watson was also looking into this recently. I had some contact with him a while back, about his jailng project. However, that has been abandonded afaik. How recently have you heard him talk about this? Kind regards, Koen Martens -- K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, embedded systems, unix expertise, artificial intelligence. Public PGP key: http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program can't read? Visit http://www.openpgp.org/ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
