This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
Clean up (or if antipodic: down) some of the msgbuf stuff.
Use an inline function rather than a macro for timecounter delta.
Maintain process "on-cpu" time as 64 bits of microseconds to avoid
needless second rollover overhead.
Avoid calling microuptime the second time in mi_switch() if we do
not pass through _idle in cpu_switch()
This should reduce our context-switch overhead a bit, in particular
on pre-P5 and SMP systems.
WARNING: Programs which muck about with struct proc in userland
will have to be fixed.
Reviewed, but found imperfect by: bde
VM structure (eg: credentials etc) and it's highly unlikely we'll ever
get to see the "tainted" BSD<=4.3 VM code in public use. Although it
indicated the way some things used to be done, it obfuscates things too
much.
appears, not the longest _maximum_ username (this should probably also go
into 2.2, for the day when we bump up the username length there too).
Submitted-By: Terry Lambert <terry@lambert.org>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
the full argument vector.
I've bumped into a few things that expected this switch to be present,
the most recent was the snmp package in ports. I'm not 100% sure of the
origins of this, but Linux has it, so does the "BSD-compatable" version
of ps on our SVR4 systems (so I assume SunOS has it too).
allow more than two tty characters.
David Greenman pointed out that when a process that had been revoked from
it's controlling tty, the "-" sign was detached from any two-character
names.
This gives us more room to breath with tty names, especially with drivers
that support large numbers of ports.. eg: specialix and digiboard.
This does not actually change the current tty names, it just allows room
for reporting more characters if the drivers use them.
/usr/src/bin. Note that some patches are still needed in that directory.
I (Joerg) finished most of Philippe's cleanup. /bin/sh will still
need *allot* of work, however.
Submitted by: charnier@lirmm.fr (Philippe Charnier)
