From owner-freebsd-arch  Sat Jul 15 18:14:21 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 69F6737B621; Sat, 15 Jul 2000 18:14:18 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Date: Sat, 15 Jul 2000 21:14:17 -0400 (EDT)
From: Brian Fundakowski Feldman <green@FreeBSD.org>
X-Sender: green@green.dyndns.org
To: Warner Losh <imp@village.org>
Cc: freebsd-arch@FreeBSD.org
Subject: Re: SysctlFS 
In-Reply-To: <200007152343.RAA49544@harmony.village.org>
Message-ID: <Pine.BSF.4.21.0007152020060.877-100000@green.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 15 Jul 2000, Warner Losh wrote:

> In message <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org> Brian Fundakowski Feldman writes:
> : On Sat, 15 Jul 2000, Robert Watson wrote:
> : 
> : > On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:
> : > 
> : > > We could create a way for jailed processes to "break out" into the
> : > > canonical name space. This is a description of possible semantics for
> : > 
> : > What canonical namespace would that be?
> : 
> : Unless you can think of anything else that could possibly be the
> : canonical namespace, struct vnode *rootvnode.
> 
> Put another way...
> 
> If we have a jail that lives in /foo/bar, and we have ways to
> symboliclly link outside /foo/bar, that's a big problem.

Why? It's got exactly the same considerations as the "true" root being
able to mount(2) things into a jail or mknod(2).

> Also, you really don't want too many devices in a jail's /dev tree.
> You really wouldn't want devfs for jail unless you could limit it
> severely.  And that's going to be hard to write, I think.

But you could create multiple mounts (instances) of devfs which each
contain a specific subset of the devfs proper and do the "symlink
breakout" accordingly :)  An aspect of jail classes, if you will.

> Warner

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message