Robert Watson wrote: > Would it make more sense to simply allocate ID's sequentially, and > simply not allow access to objects with a non-matching prison? .. This depends on the expected size of the system-wide pool; sequential allocation invites sequential searches of the name/id-space when looking for items any individual jail-id "owns". However, what would work is a linked list of associated ids from each jail descriptor thereby creating the list of things to deallocate on jail termination, -- Michael Butler, CISSP Security Architect Protected Networks http://www.protected-networks.net
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:54 UTC