On 05/10/2011 05:54 PM, Paul Davis wrote:
On Tue, May 10, 2011 at 7:53 PM, Venkateswararao Jujjuri
<jvrao@xxxxxxxxxxxxxxxxxx> wrote:
Resending after subscribing to the list:
First time writing to this list. Appreciate any help/pointers.
We are considering glib threads for developing a secure user space
file-server.
In this effort, we would like to use clone(2) system call which performs
a chroot(/exported/path)
followed by g_thread_pool_new(). The threads created will inherit the
chroot'ed name
space and hence we are are creating a secure zone of exported region for
the fileserver to operate.
its not clear to me that you understand what clone does or its
relationship to threads.
Thanks for asking.
why do you think you should use clone(2),
This file server will be exporting multiple paths. Say, /mnt/exp1 ,
/mnt/exp2.
We need to create 'jail's for each of these exported paths so that the
client
requests will get executed by a set of threads only in that chroot'ed
region.
fFileserver calls clone, chroot(), new thread pool for each exported
region.
All the work for that exported path will be carried out by threads created
by that particular cloned/chrooted process.
We can't chroot the main process as this server will be
serving multiple exports and it is part of QEMU. Hence clone.
Hope I addressed your questions.
and why do you plan to
create a thread pool after calling it?
Because these threads will have a different name space whose root is
say, /mnt/exp1.
If any operation tries to access out side this exported region.. it will
fail. Basically highly secure.
in addition, terminology like "demonize" doesn't really apply to threads.
Yeah. Sorry for the choice of that word... used it for the lack of a
better word.
So basically I want to know if there is any way the pool stays active
even after
the process created it exits.
Thanks,
JV
_______________________________________________
gtk-list mailing list
gtk-list@xxxxxxxxx
http://mail.gnome.org/mailman/listinfo/gtk-list