On Fri 03 Oct 2008 at 03:27PM, Nick Kew wrote:
> In normal operation, copy-on-write gives us this model for free.
> Does copy-on-write work across a zone_enter()?

Yes.

> In the past, we've had some efforts to improve separation, based on
> worker children running under different user IDs.  See for example
> the perchild MPM at apache.org.  There's a lot of demand for
> perchild-like solutions, but no really satisfactory solution.
> 
> My proposal is to provide an option whereby worker children perform
> a zone_enter before accepting connections or reading application-
> sensitive data.  This of course assumes apache is started up in the
> root zone.  Each zone will be the home for one or more virtualhosts.
> It should be possible for zones to have different sizes (numbers of
> worker threads) and bandwidths (through crossbow), and other
> customisations.  But the primary purpose - and I believe a huge
> selling-point - is the increased security of this virtualisation.
> 
> Is there anywhere I can get the programmer documentation to get
> started on this work, beyond dabbling blindly with examples found
> on the 'net?

Nick, I think this is an interesting idea, but I must caution you
that zone_enter(2) isn't a public API, and using it correctly is
truly non-trivial.

One thing I don't really understand about your solution is what
economy it achieves.  That is to say, why not run an apache instance
per-zone?

If you like we can chat offline by phone sometime about this.

        -dp

-- 
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org