From: Warner Losh
Date: Tue, 13 Mar 2018 15:43:08 -0600
Subject: Re: GSoC Idea: per-process filesystem namespaces for FreeBSD
To: Kristoffer Eriksson
Cc: Theron, "freebsd-hackers@freebsd.org"

On Tue, Mar 13, 2018 at 1:55 PM, Kristoffer Eriksson wrote:

> On 13 Mar 2018 12:53:18, Theron wrote:
> > For those unfamiliar with Plan9, here is a rough explanation of the
> > namespace feature: unlike in Unix, where all processes share the same
> > virtual filesystem, each process instead has its own view of the
> > filesystem according to what has been mounted ...
>
> What if I mount a new /etc with a passwd file where root has no
> password, and then run "su"?
>
> (How does Plan9 handle that?)

Plan9 handles that by having a daemon that does user authentication. It's actually more complicated than that, but the machine owner has control over who can do what.

For this to work in FreeBSD, either we'd need to disallow the 'file' type for passwd, or we'd have to do something sensible with setuid programs. Well, maybe not 'or' but 'and' since the security of setuid programs depends on the security of the filesystem....

Plan 9 doesn't have these complications, so it can offer a user malleable filesystem without security risk.

Warner
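
The dependency between setuid programs and the filesystem view discussed in this message, as an added toy model (not code from the thread, FreeBSD, or Plan 9). The policy names `inherit`, `reset` and `drop`, uid 1001, and the sample passwd entries are assumptions made for the example; `reset` and `drop` are two hypothetical ways of "doing something sensible" at setuid exec time.

```python
# Toy model, added for illustration: not FreeBSD or Plan 9 code.
from dataclasses import dataclass, field

# Constructed sample data: the system tree and a user-supplied /etc.
SYSTEM_FS = {"/etc/passwd": "root:HASHED:0:0", "/usr/bin/su": "setuid-root"}
USER_FS = {"/passwd": "root::0:0"}  # root entry with an empty password field

@dataclass
class Namespace:
    # mount point -> (filesystem contents, uid that performed the mount)
    mounts: dict = field(default_factory=lambda: {"/": (SYSTEM_FS, 0)})

    def mount(self, point, fs, uid):
        """Return a private copy of this namespace with fs mounted at point."""
        return Namespace({**self.mounts, point: (fs, uid)})

    def resolve(self, path):
        """Look up path; the longest matching mount point wins."""
        best = max((p for p in self.mounts
                    if path == p or path.startswith(p.rstrip("/") + "/")),
                   key=len)
        fs, uid = self.mounts[best]
        return fs[path[len(best.rstrip("/")):] or "/"], uid

BASE = Namespace()  # the view the machine owner set up

def exec_setuid(ns, caller_uid, policy):
    """Return (euid, view) a setuid-root binary runs with (hypothetical policies)."""
    user_modified = any(uid != 0 for _, uid in ns.mounts.values())
    if policy == "inherit":  # privilege plus the caller's view: the problem case
        return 0, ns
    if policy == "reset":    # privilege, but only the owner's view
        return 0, BASE
    if policy == "drop":     # caller's view, but setuid ignored if user-modified
        return (caller_uid if user_modified else 0), ns
    raise ValueError(policy)

def su_grants_root_without_password(ns, caller_uid, policy):
    """Model of 'su' trusting /etc/passwd as seen from its own namespace."""
    euid, view = exec_setuid(ns, caller_uid, policy)
    entry, _ = view.resolve("/etc/passwd")
    return euid == 0 and entry.split(":")[1] == ""

if __name__ == "__main__":
    user_ns = BASE.mount("/etc", USER_FS, uid=1001)
    for policy in ("inherit", "reset", "drop"):
        print(policy, su_grants_root_without_password(user_ns, 1001, policy))
```

Only `inherit` combines root privilege with a user-controlled view of `/etc/passwd`; the other two policies each remove one half of that combination.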