Date: Sat, 15 Jul 2000 23:02:21 -0400 (EDT)
From: Robert Watson <robert@FreeBSD.org>
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: Adrian Chadd <adrian@FreeBSD.org>, Julian Elischer <julian@elischer.org>, Kelly Yancey <kbyanc@posi.net>, Dan Nelson <dnelson@emsphone.com>, Warner Losh <imp@village.org>, freebsd-arch@FreeBSD.org
Subject: Re: SysctlFS
Message-ID: <Pine.NEB.3.96L.1000715225806.23943A-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org>

On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:

> On Sat, 15 Jul 2000, Robert Watson wrote:
>
> > On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:
> >
> > > We could create a way for jailed processes to "break out" into the
> > > canonical name space. This is a description of possible semantics for
> >
> > What canonical namespace would that be?
>
> Unless you can think of anything else that could possibly be the
> canonical namespace, struct vnode *rootvnode.

On Coda diskless workstations, we have a kernel with an MFSROOT, and then
chroot processes to under the Coda tree. This technique is probably used in
other environments also (possibly NFS diskless boxes, et al?).

One of the traditional ambiguities in UNIX has been the nature of the root
directory -- it is defined specifically in the context of a process.
Chroot'd processes can chroot, and spawn processes that can then chroot.
Right there you can see three potential "real" root directories. :-) Now
imagine that jail() supported nesting...

That's one reason why I find the idea of absolute symlinks outside of the
chroot environment uncomfortable, and prefer some sort of light-weight mount
mechanism, or run-time constructed specialized links or the like, rather
than name-based construction.

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message