From owner-freebsd-arch Fri Jul 14 15: 8:39 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by hub.freebsd.org (Postfix) with ESMTP id C750437B8D2; Fri, 14 Jul 2000 15:08:36 -0700 (PDT) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.9.3/8.9.3) id RAA21669; Fri, 14 Jul 2000 17:08:25 -0500 (CDT) (envelope-from dan)
Date: Fri, 14 Jul 2000 17:08:25 -0500
From: Dan Nelson
To: Julian Elischer
Cc: Warner Losh, Adrian Chadd, freebsd-arch@FreeBSD.ORG
Subject: Re: SysctlFS
Message-ID: <20000714170824.A21158@dan.emsphone.com>
References: <200007142145.PAA39245@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
User-Agent: Mutt/1.3.5i
In-Reply-To: ; from "Julian Elischer" on Fri Jul 14 15:00:36 GMT 2000
X-OS: FreeBSD 5.0-CURRENT
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In the last episode (Jul 14), Julian Elischer said:
> On Fri, 14 Jul 2000, Warner Losh wrote:
> > In message <20000714124805.F17372@ywing.creative.net.au> Adrian Chadd writes:
> >: As I said in my previous email, persistence isn't the primary
> >: problem in my eyes. There are many ways people can handle it. What
> >: I see as being an interesting problem is handling devfs across
> >: multiple process/group namespaces (jail/chroot) without cluttering
> >: up your mount table.
> >
> > Yes. Another issue is the new hot plug devices. It is highly
> > desirable to allow arbitrary commands to run when they come and go.
>
> I have some solutions for both problems..
> At least for the devfs in jail problems..
>
> in particular a variant on a symbolic link which is interpreted as a
> symlink into /dev this would allow many /devs to exist without many
> mounted filesystems in each jail

Would it be possible to have a symbolic link type that breaks out of a jail?
So you would have a "/myjail/dev ->> /dev" link in the jail that ends
up referring to the real /dev. This would also fix the /proc problem.
You wouldn't want to link /myjail/usr/lib to /usr/lib, though, because
the jailed root would be able to modify the binaries, but /dev and
/proc seem safe.

-- 
Dan Nelson
dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message