Re: new feature: private IPC for every jail

From: Michael Butler <imb_at_protected-networks.net>
Date: Tue, 04 Apr 2006 07:55:50 -0400
Robert Watson wrote:

> Would it make more sense to simply allocate IDs sequentially, and 
> simply not allow access to objects with a non-matching prison? ..

This depends on the expected size of the system-wide pool; sequential 
allocation invites sequential searches of the name/id-space when looking 
for items any individual jail-id "owns".

However, what would work is a linked list of associated ids from each 
jail descriptor, thereby creating the list of things to deallocate on 
jail termination.

-- 
Michael Butler, CISSP
Security Architect
Protected Networks
http://www.protected-networks.net

Received on Tue Apr 04 2006 - 09:56:00 UTC
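
The two ideas in this message combined, as an added example that is not part of the original post or of FreeBSD's code: ids are allocated sequentially from one global table and access is refused when the jail does not match, while each jail descriptor keeps a linked list of the ids it owns so that teardown never scans the whole table. All names here (`ipc_table`, `ipc_alloc`, `ipc_can_access`, `jail_teardown`, `IPC_MAX`) are hypothetical and model the structure in userland C.

```c
#include <stddef.h>

#define IPC_MAX 64  /* system-wide id pool size (constructed value) */
struct ipc_obj {                /* one slot in the global id table */
    int in_use;
    int jail_id;                /* owning jail, checked on every access */
    struct ipc_obj *next_owned; /* next object owned by the same jail */
};
struct jail {                   /* hypothetical jail descriptor */
    int id;
    struct ipc_obj *owned;      /* head of this jail's list of IPC objects */
};
static struct ipc_obj ipc_table[IPC_MAX];

/* Allocate the lowest free id and link it onto the jail's list; -1 if full. */
int ipc_alloc(struct jail *j)
{
    for (int id = 0; id < IPC_MAX; id++) {
        if (!ipc_table[id].in_use) {
            ipc_table[id].in_use = 1;
            ipc_table[id].jail_id = j->id;
            ipc_table[id].next_owned = j->owned;
            j->owned = &ipc_table[id];
            return id;
        }
    }
    return -1;
}

/* Access check: an id is visible only to the jail that owns it. */
int ipc_can_access(const struct jail *j, int id)
{
    if (id < 0 || id >= IPC_MAX || !ipc_table[id].in_use)
        return 0;
    return ipc_table[id].jail_id == j->id;
}

/* Jail termination: walk only this jail's list; returns objects released. */
int jail_teardown(struct jail *j)
{
    int freed = 0;
    while (j->owned != NULL) {
        struct ipc_obj *o = j->owned;
        j->owned = o->next_owned;
        o->in_use = 0;
        freed++;
    }
    return freed;
}
```

Because ids are handed out sequentially, a jail can guess another jail's ids, so isolation rests entirely on the ownership check in `ipc_can_access`.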
