Robert Watson wrote:

Would it make more sense to simply allocate IDs sequentially, and simply not allow access to objects with a non-matching prison? ..

This depends on the expected size of the system-wide pool; sequential allocation invites sequential searches of the name/id-space when looking for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each jail descriptor, thereby creating the list of things to deallocate on jail termination.

--
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net
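
An added sketch, not code from this thread or from any kernel source, combining the two ideas above: IDs allocated sequentially with a prison-match check on every lookup, plus a per-jail linked list so that termination walks only what the jail owns. The names `ipc_obj`, `jail`, `pool`, `obj_alloc`, `obj_lookup` and `jail_teardown` are hypothetical, as is the pool size.

```c
#include <stddef.h>

#define MAX_IDS 64                 /* constructed size of the system-wide pool */

struct ipc_obj {                   /* hypothetical object in the global ID table */
    int in_use;
    int jail_id;                   /* owning jail ("prison") */
    struct ipc_obj *next;          /* link on the owner's list */
};

struct jail {                      /* hypothetical jail descriptor */
    int id;
    struct ipc_obj *owned;         /* things to deallocate on termination */
};

static struct ipc_obj pool[MAX_IDS];

/* Sequential allocation: take the lowest free ID and link it to its jail. */
int obj_alloc(struct jail *j)
{
    for (int id = 0; id < MAX_IDS; id++) {
        struct ipc_obj *o = &pool[id];
        if (o->in_use)
            continue;
        o->in_use = 1;
        o->jail_id = j->id;
        o->next = j->owned;
        j->owned = o;
        return id;
    }
    return -1;                     /* pool exhausted */
}

/* IDs are guessable, so the owner comparison is the only access barrier. */
struct ipc_obj *obj_lookup(const struct jail *j, int id)
{
    if (id < 0 || id >= MAX_IDS)
        return NULL;
    struct ipc_obj *o = &pool[id];
    return (o->in_use && o->jail_id == j->id) ? o : NULL;
}

/* Termination follows the jail's own list; no scan of the ID space. */
int jail_teardown(struct jail *j)
{
    int freed = 0;
    for (struct ipc_obj *o = j->owned, *n; o != NULL; o = n, freed++) {
        n = o->next;
        o->in_use = 0;
        o->next = NULL;
    }
    j->owned = NULL;
    return freed;
}
```

Because freed IDs are reused by the next allocation, a stale ID held across a jail's termination can later name another jail's object, and the owner check in `obj_lookup` is what rejects it.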
