This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
and CPU runtime because it can't access the user area via /proc/<pid>/mem.
This is because the uarea is not mapped into the process address space
at USRSTACK on the alpha like it is on the x86.
Since I'm haven't been able to wrap my brain around the VM system enough
to be able to figure out how to achieve this mapping, and since it's
questionable that such an architectural change is correct, I implemented
a workaround to allow ps(1) to read the uarea from /dev/kmem using
kvm_read() instead of from the process address space via kvm_uread().
The kludge is hidden inside #ifdef __alpha__/#endif so as not to impact
the x86. (Note that top(1) probably uses this same gimmick since it works
on FreeBSD/alpha.)
Reviewed by: dfr
This takes the conditionals out of the code that has been tested by
various people for a while.
ps and friends (libkvm) will need a recompile as some proc structure
changes are made.
Submitted by: "Richard Seaman, Jr." <dick@tar.com>
Submitted by: "Richard Seaman, Jr." <lists@tar.com>
Obtained from: linux :-)
Code to allow Linux Threads to run under FreeBSD.
By default not enabled
This code is dependent on the conditional
COMPAT_LINUX_THREADS (suggested by Garret)
This is not yet a 'real' option but will be within some number of hours.
Use /dev/null for opening the kvm library, we don't need access to /dev/mem
anymore.
ps can now run without the setgid(kmem) bit. If it does it will not be
able to show argv/envp for another uid's processes unless you are root.
Clean up (or if antipodic: down) some of the msgbuf stuff.
Use an inline function rather than a macro for timecounter delta.
Maintain process "on-cpu" time as 64 bits of microseconds to avoid
needless second rollover overhead.
Avoid calling microuptime the second time in mi_switch() if we do
not pass through _idle in cpu_switch()
This should reduce our context-switch overhead a bit, in particular
on pre-P5 and SMP systems.
WARNING: Programs which muck about with struct proc in userland
will have to be fixed.
Reviewed, but found imperfect by: bde
for users who are root, or in group wheel. This is useful on large timesharing
systems where a PS command can cause the system to grind to a halt. The
ability to get the information isn't diminished for those who really need the
additional detail (administrators.) Normal users won't see any difference unless
the processes are swapped out. The "really get it mode" is invoked by the
use of an additional flag in the command string "-f". New/old behavior is
selectable with a compile option.
PR: 5196
Submitted by: Matt Dillon <dillon@best.net>
VM structure (eg: credentials etc) and it's highly unlikely we'll ever
get to see the "tainted" BSD<=4.3 VM code in public use. Although it
indicated the way some things used to be done, it obfuscates things too
much.
appears, not the longest _maximum_ username (this should probably also go
into 2.2, for the day when we bump up the username length there too).
Submitted-By: Terry Lambert <terry@lambert.org>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.