On Fri 03 Oct 2008 at 03:27PM, Nick Kew wrote:
> In normal operation, copy-on-write gives us this model for free.
> Does copy-on-write work across a zone_enter()?

Yes.

> In the past, we've had some efforts to improve separation, based on
> worker children running under different user IDs. See for example
> the perchild MPM at apache.org. There's a lot of demand for
> perchild-like solutions, but no really satisfactory solution.
>
> My proposal is to provide an option whereby worker children perform
> a zone_enter before accepting connections or reading application-
> sensitive data. This of course assumes apache is started up in the
> root zone. Each zone will be the home for one or more virtualhost.
> It should be possible for zones to have different sizes (numbers of
> worker threads) and bandwidths (through crossbow), and other
> customisations. But the primary purpose - and I believe a huge
> selling-point - is the increased security of this virtualisation.
>
> Is there anywhere I can get the programmer documentation to get
> started on this work, beyond dabbling blindly with examples found
> on the 'net?

Nick,

I think this is an interesting idea, but I must caution you that
zone_enter(2) isn't a public API, and using it correctly is truly
non-trivial.

One thing I don't really understand about your solution is what
economy it achieves. That is to say, why not run an apache instance
per-zone?

If you like we can chat offline by phone sometime about this.

-dp

--
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org