Date: Sat, 15 Jul 2000 17:43:13 -0600
From: Warner Losh <imp@village.org>
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: freebsd-arch@FreeBSD.org
Subject: Re: SysctlFS
Message-ID: <200007152343.RAA49544@harmony.village.org>
In-Reply-To: Your message of "Sat, 15 Jul 2000 19:10:55 EDT." <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org>
References: <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org>

In message <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org> Brian Fundakowski Feldman writes:
: On Sat, 15 Jul 2000, Robert Watson wrote:
:
: > On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:
: >
: > > We could create a way for jailed processes to "break out" into the
: > > canonical name space. This is a description of possible semantics for
: >
: > What canonical namespace would that be?
:
: Unless you can think of anything else that could possibly be the
: canonical namespace, struct vnode *rootvnode.

Put another way... If we have a jail that lives in /foo/bar, and we
have ways to symbolically link outside /foo/bar, that's a big problem.

Also, you really don't want too many devices in a jail's /dev tree.
You really wouldn't want devfs for jail unless you could limit it
severely. And that's going to be hard to write, I think.

Warner