From nobody@www.freebsd.org  Fri Jun  7 06:21:36 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 55DCA37B405
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Jun 2002 06:21:36 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g57DLZhG099890
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 7 Jun 2002 06:21:35 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g57DLZ9r099889;
	Fri, 7 Jun 2002 06:21:35 -0700 (PDT)
Message-Id: <200206071321.g57DLZ9r099889@www.freebsd.org>
Date: Fri, 7 Jun 2002 06:21:35 -0700 (PDT)
From: Sergey Lyubka <devnull@uptsoft.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: developers-handbook/Jail fix
X-Send-Pr-Version: www-1.0

>Number:         38982
>Category:       docs
>Synopsis:       [patch] developers-handbook/Jail fix
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       devhandbook
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 07 06:30:01 PDT 2002
>Closed-Date:    Wed Nov 21 04:17:56 UTC 2012
>Last-Modified:  Wed Nov 21 04:17:56 UTC 2012
>Originator:     Sergey Lyubka
>Release:        FreeBSD4.6-RC
>Organization:
Asita Technologies Int.
>Environment:
FreeBSD yoda.asitatech.ie 4.6-RC FreeBSD 4.6-RC #7: Thu May 23 15:08:05 GMT 2002     root@yoda.asitatech.ie:/usr/obj/usr/src/sys/DEVNULL  i386

>Description:
few inaccuracies found
>How-To-Repeat:
      
>Fix:
--- chapter.sgml.orig	Wed Jun  5 15:32:23 2002
+++ chapter.sgml	Wed Jun  5 15:32:06 2002
@@ -302,8 +302,11 @@
           structures, &man.fork.2; checks if the structure
           <literal>p->p_prison</literal> is filled on
           <literal>p2</literal>. If it is, it increments the
-          <literal>pr.ref</literal> by one, and sets the
-          <literal>p_flag</literal> to one on the child process.</para>
+          <literal>pr.ref</literal> by one, and sets P_JAILED flag in
+          <literal>p_flag</literal> node. The prison structure,
+	  <literal>pr</literal>, is referenced by all the processes in a same
+	  jail, so reference counter should be incremented after every new
+	  process has been forked, and decremented after process' exit.</para>
 
         <programlisting><filename>/usr/src/sys/kern/kern_fork.c</filename>:
 if (p2->p_prison) {
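Review bot: The added sentence says the reference counter is decremented on process exit, but the listing this paragraph introduces is from kern_fork.c and covers only the fork path; either name where the decrement happens or keep the sentence to what the listing shows. In the first added line, P_JAILED should be wrapped in <literal> like the identifiers around it, and "p_flag node" should read "p_flag field". The three continuation lines are indented with a tab plus spaces where the surrounding text uses spaces only, and "in a same jail" and "process' exit" should read "in the same jail" and "the process exits".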
@@ -330,8 +333,10 @@
       <title>SysV IPC</title>
 
       <para>System V IPC is based on messages. Processes can send each
-        other these messages which tell them how to act. The functions
-        which deal with messages are: <literal>msgsys</literal>,
+        other these messages which tell them how to act. Actually, the
+	messages are sent and received from a special memory area,
+	called message queue. Message queue resides in kernel address space.
+	The functions which deal with messages are: <literal>msgsys</literal>,
         <literal>msgctl</literal>, <literal>msgget</literal>,
         <literal>msgsend</literal> and <literal>msgrcv</literal>.
         Earlier, I mentioned that there were certain sysctls you could
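Review bot: The function list in the re-added sentence still ends with <literal>msgsend</literal> in the unchanged context, while the itemized list later in this same patch refers to &man.msgsnd.3;; since the sentence is being reflowed anyway, correct the name here so the two agree. The added text would also read better without the conversational "Actually," and with articles restored, for example "Messages are placed on and read from a message queue, which resides in kernel address space." The added lines use tab indentation where the surrounding paragraph uses spaces.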
@@ -340,23 +345,31 @@
         most systems, this sysctl is set to 0. If it were set to 1, it
         would defeat the whole purpose of having a jail; privleged
         users from within the jail would be able to affect processes
-        outside of the environment. The difference between a message
-        and a signal is that the message only consists of the signal
+        outside of the environment. </para>
+	<!--
+	The difference between a message
+        and a signal is that the signal only consists of the signal
         number.</para>
 
+	No. there are much more differences - in generetion, handling and
+	delivery. For instance, process will not receive a message until
+	it calls an appropriate function, while signal could be delivered
+	without any actions from process. Signal cannot be treated as a
+	message with one data field - signal number.
+	-->
+
       <para><filename>/usr/src/sys/kern/sysv_msg.c</filename>:</para>
 
       <itemizedlist>
         <listitem> <para>&man.msgget.3;: msgget returns (and possibly
-        creates) a message descriptor that designates a message queue
+        creates) a message queue descriptor that designates a message queue
         for use in other system calls.</para></listitem>
 
         <listitem> <para>&man.msgctl.3;: Using this function, a process
-        can query the status of a message
-        descriptor.</para></listitem>
+        can query the status of a message queue.</para></listitem>
 
         <listitem> <para>&man.msgsnd.3;: msgsnd sends a message to a
-        process.</para></listitem>
+        message queue.</para></listitem>
 
         <listitem> <para>&man.msgrcv.3;: a process receives messages using
         this function</para></listitem>
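Review bot: The block opened by the added "<!--" line leaves the disputed sentence and the rebuttal to it in the SGML source as a comment, so the reader of the rendered chapter gets neither; drop the old sentence outright and, if the distinction is worth keeping, state it in the visible text (a process receives a message only when it calls the receive function, while a signal can be delivered without any action by the process). The commented-out copy also no longer matches the removed text: the "-" line reads "the message only consists of the signal" and the "+" line reads "the signal only consists of the signal", so the comment does not preserve what was there. Smaller points: "generetion" in the comment is misspelled, "privleged" in the context line above is left uncorrected, and "environment. </para>" picks up a stray space before the closing tag. The wording changes in the msgget, msgctl and msgsnd list items look consistent with the message queue terminology introduced earlier in the patch.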
@@ -489,7 +502,8 @@
         network layer 2. There are certain precautions which are
         taken in order to prevent a jailed process from binding a
         protocol to a certain port only if the <literal>nam</literal>
-        parameter is set. nam is a pointer to a sockaddr structure,
+        parameter is set when calling <function>pcbind</function> function.
+	nam is a pointer to a sockaddr structure,
         which describes the address on which to bind the service. A
         more exact definition is that sockaddr "may be used as a
         template for reffering to the identifying tag and length of
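Review bot: The added clause in the "parameter is set when calling" line does not repair the sentence it extends, which still reads "precautions which are taken in order to prevent a jailed process from binding ... only if the nam parameter is set"; the "prevent ... only if" construction leaves it unclear whether the check or the binding depends on nam, so the sentence should be restructured rather than lengthened. The name inside <function>pcbind</function> appears nowhere else in the visible context and should be checked against the source listing the chapter quotes before it goes in, and "<function>pcbind</function> function" is redundant once the markup is there. The second added line is tab-indented where its neighbours use spaces, and "reffering" in the trailing context is still misspelled.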

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: eadler 
State-Changed-When: Wed Nov 21 04:17:55 UTC 2012 
State-Changed-Why:  
I'm very sorry no one looked at this PR.  While I'm too late to do 
anything about this now, it seems that the "jail" chapter is gone and 
that this patch doesn't apply to *anything* anymore.  I hope this didn't 
scare you off from contributing in the future.  Thanks for making 
FreeBSD better! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38982 
>Unformatted:
