This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
o use braces to avoid potentially ambiguous else
o don't default to type int (and also remove a useless register
modifier).
o Use parens around assignment values used as truth values.
o Remove unused function.
Reviewed by: obrien and chuckr
70-00 are intepreted in the 20th century; 01-69 in the
21st century. (Yes, 2000 is the last year of the 20th
century, not the first year of the 21st.)
Submitted by: Sergey Babkin <babkin@bellatlantic.net>
before.
Added SYS.h for mipseb and mipsel.
I now get part way through building libc in the cross environment that
I have (along with pending mipse[bl] changes to the intree egcs) with
these changes.
function. It was an ill-considered feature. It didn't solve the
problem I wanted it to solve. And it added Yet Another Version
Number that would have to be maintained at every release point.
I'm nuking it now before anybody grows too fond of it.
Unlike other filesystem objects, symbolic links do not have an owner,
group, access mode, times, etc. Instead, these attributes are taken from
the directory that contains the link. The only attributes returned from
an lstat() that refer to the symbolic link itself are the file type
(S_IFLNK), size, blocks, and link count (always 1).
This is bogus, and disagrees with the implementation and symlink(7).
Removed it.
PR: docs/10269
Submitted by: Tolik <tolik@sibptus.tomsk.ru>
changes have made this too expensive. This gains about 1.25% on
worldstone on my SMP machine.
Swap-less machines, for instance PicoBSDs, and machines which experience
page-out trafic, check with top(1), will probably want to reenable this
with:
ln -s H /etc/malloc.conf
Suggested by: alc (&dyson ?)
that counted the number of elements in argv. The counter is incremented
in the next-iteration section of the loop, not the body, so at termination
it's already "counted" the element that failed the continuation test - in
this case the NULL argv terminator.
Noted by: bde
call them. All the execX() libc functions should be vfork() safe now.
Specifically:
- execlp() does the argument count-and-build into a vector from alloca
(like the others) - buildargv() is no longer used (and gone).
- execvp() uses alloca/strcpy rather than strdup().
- the ENOEXEC handler uses alloca rather than malloc.
- a couple of free() calls removed - alloca works on the local stack and
the allocations are freed on function exit (which is why buildargv
wasn't useful - it's alloca() context would disappear on return).
Along the way:
- If alloca() fails (can it?), set errno = ENOMEM explicitly.
- The ENOEXEC recovery routine that trys again with /bin/sh appeared to
not be terminating the new argv[] array for /bin/sh, allowing it to
walk off the end of the list.
I dithered a bit about using alloca() even more as it's most commonly
associated with gcc. However, standalone portable (using malloc) and
machine-specific assembler alloca implementations appear to be available
on just about all the architectures we're likely to want to port to.
alloca will be the least of our problems if ever going to another compiler.
kern.chroot_allow_open_directories = 0
chroot(2) fails if there are open directories.
kern.chroot_allow_open_directories = 1 (default)
chroot(2) fails if there are open directories and the process
is subject of a previous chroot(2).
kern.chroot_allow_open_directories = anything else
filedescriptors are not checked. (old behaviour).
I'm very interested in reports about software which breaks when
running with the default setting.
which ones cause us to fail. Now all open errors on the databse file
will cause the next file in the list to be tried.
Submitted by: Arne Henrik Juul <arnej@math.ntnu.no>
PR: 4585
compiling, since <stdio.h> correctly doesn't declare off_t although
the pseudo-prototypes for the new fseeko() and ftello() functions
use it. Handle this like the corresponding problem for va_list
versus the vprintf() family.
Fixed some English errors.
request for it something like it. It was poorly worded and too
far from both POSIX wording and normal (mal)practice by referring to
sysconf(_SC_NGROUPS_MAX) instead of {NGROUPS_MAX} or NGROUPS. POSIX.1
uses curly braces to mark up "symbolic constants or limits [that may
be] defined in certain headers". Since we don't document this markup,
don't use it. Just use NGROUPS_MAX.
so that non-sloppy applications can call it without using disgusting
casts to avoid warnings. The 4th arg is sort of varargs -- it must
sometimes represent a filename, sometimes a struct pointer, and is
sometimes unused. The arg type is still caddr_t in the kernel.
Obtained from: mostly from NetBSD
