|
Lines 302-309
Link Here
|
| 302 |
structures, &man.fork.2; checks if the structure |
302 |
structures, &man.fork.2; checks if the structure |
| 303 |
<literal>p->p_prison</literal> is filled on |
303 |
<literal>p->p_prison</literal> is filled on |
| 304 |
<literal>p2</literal>. If it is, it increments the |
304 |
<literal>p2</literal>. If it is, it increments the |
| 305 |
<literal>pr.ref</literal> by one, and sets the |
305 |
<literal>pr.ref</literal> by one, and sets P_JAILED flag in |
| 306 |
<literal>p_flag</literal> to one on the child process.</para> |
306 |
<literal>p_flag</literal> node. The prison structure, |
|
|
307 |
<literal>pr</literal>, is referenced by all the processes in a same |
| 308 |
jail, so reference counter should be incremented after every new |
| 309 |
process has been forked, and decremented after process' exit.</para> |
| 307 |
|
310 |
|
| 308 |
<programlisting><filename>/usr/src/sys/kern/kern_fork.c</filename>: |
311 |
<programlisting><filename>/usr/src/sys/kern/kern_fork.c</filename>: |
| 309 |
if (p2->p_prison) { |
312 |
if (p2->p_prison) { |
|
Lines 330-337
Link Here
|
| 330 |
<title>SysV IPC</title> |
333 |
<title>SysV IPC</title> |
| 331 |
|
334 |
|
| 332 |
<para>System V IPC is based on messages. Processes can send each |
335 |
<para>System V IPC is based on messages. Processes can send each |
| 333 |
other these messages which tell them how to act. The functions |
336 |
other these messages which tell them how to act. Actually, the |
| 334 |
which deal with messages are: <literal>msgsys</literal>, |
337 |
messages are sent and received from a special memory area, |
|
|
338 |
called message queue. Message queue resides in kernel address space. |
| 339 |
The functions which deal with messages are: <literal>msgsys</literal>, |
| 335 |
<literal>msgctl</literal>, <literal>msgget</literal>, |
340 |
<literal>msgctl</literal>, <literal>msgget</literal>, |
| 336 |
<literal>msgsend</literal> and <literal>msgrcv</literal>. |
341 |
<literal>msgsend</literal> and <literal>msgrcv</literal>. |
| 337 |
Earlier, I mentioned that there were certain sysctls you could |
342 |
Earlier, I mentioned that there were certain sysctls you could |
|
Lines 340-362
Link Here
|
| 340 |
most systems, this sysctl is set to 0. If it were set to 1, it |
345 |
most systems, this sysctl is set to 0. If it were set to 1, it |
| 341 |
would defeat the whole purpose of having a jail; privleged |
346 |
would defeat the whole purpose of having a jail; privleged |
| 342 |
users from within the jail would be able to affect processes |
347 |
users from within the jail would be able to affect processes |
| 343 |
outside of the environment. The difference between a message |
348 |
outside of the environment. </para> |
| 344 |
and a signal is that the message only consists of the signal |
349 |
<!-- |
|
|
350 |
The difference between a message |
| 351 |
and a signal is that the signal only consists of the signal |
| 345 |
number.</para> |
352 |
number.</para> |
| 346 |
|
353 |
|
|
|
354 |
No. there are much more differences - in generetion, handling and |
| 355 |
delivery. For instance, process will not receive a message until |
| 356 |
it calls an appropriate function, while signal could be delivered |
| 357 |
without any actions from process. Signal cannot be treated as a |
| 358 |
message with one data field - signal number. |
| 359 |
--> |
| 360 |
|
| 347 |
<para><filename>/usr/src/sys/kern/sysv_msg.c</filename>:</para> |
361 |
<para><filename>/usr/src/sys/kern/sysv_msg.c</filename>:</para> |
| 348 |
|
362 |
|
| 349 |
<itemizedlist> |
363 |
<itemizedlist> |
| 350 |
<listitem> <para>&man.msgget.3;: msgget returns (and possibly |
364 |
<listitem> <para>&man.msgget.3;: msgget returns (and possibly |
| 351 |
creates) a message descriptor that designates a message queue |
365 |
creates) a message queue descriptor that designates a message queue |
| 352 |
for use in other system calls.</para></listitem> |
366 |
for use in other system calls.</para></listitem> |
| 353 |
|
367 |
|
| 354 |
<listitem> <para>&man.msgctl.3;: Using this function, a process |
368 |
<listitem> <para>&man.msgctl.3;: Using this function, a process |
| 355 |
can query the status of a message |
369 |
can query the status of a message queue.</para></listitem> |
| 356 |
descriptor.</para></listitem> |
|
|
| 357 |
|
370 |
|
| 358 |
<listitem> <para>&man.msgsnd.3;: msgsnd sends a message to a |
371 |
<listitem> <para>&man.msgsnd.3;: msgsnd sends a message to a |
| 359 |
process.</para></listitem> |
372 |
message queue.</para></listitem> |
| 360 |
|
373 |
|
| 361 |
<listitem> <para>&man.msgrcv.3;: a process receives messages using |
374 |
<listitem> <para>&man.msgrcv.3;: a process receives messages using |
| 362 |
this function</para></listitem> |
375 |
this function</para></listitem> |
|
Lines 489-495
Link Here
|
| 489 |
network layer 2. There are certain precautions which are |
502 |
network layer 2. There are certain precautions which are |
| 490 |
taken in order to prevent a jailed process from binding a |
503 |
taken in order to prevent a jailed process from binding a |
| 491 |
protocol to a certain port only if the <literal>nam</literal> |
504 |
protocol to a certain port only if the <literal>nam</literal> |
| 492 |
parameter is set. nam is a pointer to a sockaddr structure, |
505 |
parameter is set when calling <function>pcbind</function> function. |
|
|
506 |
nam is a pointer to a sockaddr structure, |
| 493 |
which describes the address on which to bind the service. A |
507 |
which describes the address on which to bind the service. A |
| 494 |
more exact definition is that sockaddr "may be used as a |
508 |
more exact definition is that sockaddr "may be used as a |
| 495 |
template for reffering to the identifying tag and length of |
509 |
template for reffering to the identifying tag and length of |