FreeBSD Bugzilla – Attachment 22477 Details for Bug 38982: [patch] developers-handbook/Jail fix
[patch] file.diff (text/plain), 3.88 KB, created by Sergey Lyubka on 2002-06-07 14:30:01 UTC
Description: file.diff
Flags: patch, obsolete
>--- chapter.sgml.orig Wed Jun 5 15:32:23 2002 >+++ chapter.sgml Wed Jun 5 15:32:06 2002 >@@ -302,8 +302,11 @@ > structures, &man.fork.2; checks if the structure > <literal>p->p_prison</literal> is filled on > <literal>p2</literal>. If it is, it increments the >- <literal>pr.ref</literal> by one, and sets the >- <literal>p_flag</literal> to one on the child process.</para> >+ <literal>pr.ref</literal> by one, and sets P_JAILED flag in >+ <literal>p_flag</literal> node. The prison structure, >+ <literal>pr</literal>, is referenced by all the processes in a same >+ jail, so reference counter should be incremented after every new >+ process has been forked, and decremented after process' exit.</para> > > <programlisting><filename>/usr/src/sys/kern/kern_fork.c</filename>: > if (p2->p_prison) { >@@ -330,8 +333,10 @@ > <title>SysV IPC</title> > > <para>System V IPC is based on messages. Processes can send each >- other these messages which tell them how to act. The functions >- which deal with messages are: <literal>msgsys</literal>, >+ other these messages which tell them how to act. Actually, the >+ messages are sent and received from a special memory area, >+ called message queue. Message queue resides in kernel address space. >+ The functions which deal with messages are: <literal>msgsys</literal>, > <literal>msgctl</literal>, <literal>msgget</literal>, > <literal>msgsend</literal> and <literal>msgrcv</literal>. > Earlier, I mentioned that there were certain sysctls you could 
>@@ -340,23 +345,31 @@ > most systems, this sysctl is set to 0. If it were set to 1, it > would defeat the whole purpose of having a jail; privleged > users from within the jail would be able to affect processes >- outside of the environment. The difference between a message >- and a signal is that the message only consists of the signal >+ outside of the environment. </para> >+ <!-- >+ The difference between a message >+ and a signal is that the signal only consists of the signal > number.</para> > >+ No. there are much more differences - in generetion, handling and >+ delivery. For instance, process will not receive a message until >+ it calls an appropriate function, while signal could be delivered >+ without any actions from process. Signal cannot be treated as a >+ message with one data field - signal number. >+ --> >+ > <para><filename>/usr/src/sys/kern/sysv_msg.c</filename>:</para> > > <itemizedlist> > <listitem> <para>&man.msgget.3;: msgget returns (and possibly >- creates) a message descriptor that designates a message queue >+ creates) a message queue descriptor that designates a message queue > for use in other system calls.</para></listitem> > > <listitem> <para>&man.msgctl.3;: Using this function, a process >- can query the status of a message >- descriptor.</para></listitem> >+ can query the status of a message queue.</para></listitem> > > <listitem> <para>&man.msgsnd.3;: msgsnd sends a message to a >- process.</para></listitem> >+ message queue.</para></listitem> > > <listitem> <para>&man.msgrcv.3;: a process receives messages using > this function</para></listitem> 
>@@ -489,7 +502,8 @@ > network layer 2. There are certain precautions which are > taken in order to prevent a jailed process from binding a > protocol to a certain port only if the <literal>nam</literal> >- parameter is set. nam is a pointer to a sockaddr structure, >+ parameter is set when calling <function>pcbind</function> function. >+ nam is a pointer to a sockaddr structure, > which describes the address on which to bind the service. A > more exact definition is that sockaddr "may be used as a > template for reffering to the identifying tag and length of
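Review bot: in the kern_fork hunk, "sets P_JAILED flag in <literal>p_flag</literal> node" should read "sets the P_JAILED flag in the <literal>p_flag</literal> field", with P_JAILED wrapped in <literal> like the other identifiers in the paragraph; "node" is not the right word for a struct member. The following sentence also needs articles and a possessive: "The prison structure, <literal>pr</literal>, is referenced by all the processes in the same jail, so the reference counter is incremented for every new process that is forked and decremented when a process exits." The added explanation of why pr.ref is a reference count is a good addition, since the programlisting that follows only shows the increment side.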
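Review bot: in the SysV IPC hunk, "messages are sent and received from a special memory area, called message queue" is missing a preposition and two articles; suggest "messages are sent to and received from a special memory area called a message queue, which resides in kernel address space." That folds in the new standalone sentence "Message queue resides in kernel address space." and keeps the three added lines to one sentence.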
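Review bot: the signal hunk comments out the chapter's sentence about messages versus signals and leaves a rebuttal ("No. there are much more differences ...") inside the SGML comment, so the rendered chapter loses the explanation entirely while the source carries an argument, with typos ("generetion"), that no reader will see. If the original sentence is wrong, either delete it or replace it with the corrected explanation the comment already contains: a process receives a message only when it calls the receive function, whereas a signal is delivered without any action by the process. Commented-out disagreements should not be committed to the handbook. The unchanged context line "privleged" is a typo worth fixing in the same hunk. The msgget/msgctl/msgsnd wording fixes (descriptor of a message queue, status of a message queue, send to a message queue) are correct.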
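Review bot: in the bind hunk, "when calling <function>pcbind</function> function" repeats "function", and "pcbind" is not the name of a kernel routine; the jail check on binding runs in in_pcbbind() in /usr/src/sys/netinet/in_pcb.c, so write "when <function>in_pcbbind</function> is called" and confirm against the file listing the chapter gives for this section. The surrounding sentence "prevent a jailed process from binding ... only if the <literal>nam</literal> parameter is set" still reads as if the restriction applies only when nam is set, which is the intended meaning but would be clearer as "the jail checks are applied only when nam is non-NULL". The context line "reffering" in the quoted sockaddr definition is also a typo.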