> In normal operation, copy-on-write gives us this model for free.
> Does copy-on-write work across a zone_enter()?
> In the past, we've had some efforts to improve separation, based on
> worker children running under different user IDs.  See for example
> the perchild MPM at apache.org.  There's a lot of demand for
> perchild-like solutions, but no really satisfactory solution.
> My proposal is to provide an option whereby worker children perform
> a zone_enter before accepting connections or reading application-sensitive
> data.  This of course assumes apache is started up in the
> root zone.  Each zone will be the home for one or more virtualhost.
> It should be possible for zones to have different sizes (numbers of
> worker threads) and bandwidths (through crossbow), and other
> customisations.  But the primary purpose - and I believe a huge
> selling-point - is the increased security of this virtualisation.
> Is there anywhere I can get the programmer documentation to get
> started on this work, beyond dabbling blindly with examples found
> on the 'net?

Nick, I think this is an interesting idea, but I must caution you
that zone_enter(2) isn't a public API, and using it correctly is
truly non-trivial.

One thing I don't really understand about your solution is what
economy it achieves.  That is to say, why not run an apache instance

If you like we can chat offline by phone sometime about this.
