Date: Wed, 9 Apr 2003 19:49:00 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Nate Lawson <nate@root.org> Cc: Mike Barcroft <mike@FreeBSD.org> Subject: Re: cvs commit: src/usr.bin/killall killall.1 killall.c src/usr.sbin Makefile src/usr.sbin/jail jail.8 jail.c src/usr.sbin/jexec Makefile jexec.8 jexec.c src/usr.sbin/jls Makefile jls.8 jls.c Message-ID: <Pine.NEB.3.96L.1030409194655.31027C-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.4.21.0304091639540.30429-100000@root.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Apr 2003, Nate Lawson wrote: > On Wed, 9 Apr 2003, Alfred Perlstein wrote: > > * Robert Watson <rwatson@FreeBSD.org> [030409 16:24] wrote: > > > > > > On Thu, 10 Apr 2003, Pawel Jakub Dawidek wrote: > > > > > > > > And there can't be names spoofing. (If, ofcourse '.' is invalid char in > > > > jail name:)). > > > > > > Sounds reasonable to me, although a bit more trouble to parse and render > > > :-). > > > > And what kind of path seperator is '.'? > > Exactly. What you're describing would be better implemented as a > pseudo-fs layer. In fact, that would remove the need for separate j* > utilities. I thought we were trying to get away from synthetic file systems with terrible security properties. In fact, we specifically toasted procfs because it behaved so badly; kernfs went down the tubes because the semantic match was very poor, and sysctl is in. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030409194655.31027C-100000>