Hello Hackers, For a while i've been wanting shared memory to be usable withing jails, but with cross-jail protection. Ie. shared memory is restricted to a jail.
Recently I've been digging a bit in the freebsd kernel source code
(which is new to me, been doing quite some linux kernel hacking though).
It looks like this is actually not _that_ difficult to implement.
So, did anyone try this yet? Any pointers?
I think it can be done by putting the jail id in struct ipc_perm (in
sys/ipc.h), and then basically editing sysv_{msg,sem,shm}.c to extend
these checks that are all over there:
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
Does that sound ok?
Kind regards,
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
pgp1E5Qc7KO3s.pgp
Description: PGP signature
