From owner-freebsd-arch  Sat Jul 15 20: 2:25 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 86E6337B5DA; Sat, 15 Jul 2000 20:02:22 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id XAA24035;
	Sat, 15 Jul 2000 23:02:21 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sat, 15 Jul 2000 23:02:21 -0400 (EDT)
From: Robert Watson <robert@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: Adrian Chadd <adrian@FreeBSD.org>,
	Julian Elischer <julian@elischer.org>,
	Kelly Yancey <kbyanc@posi.net>, Dan Nelson <dnelson@emsphone.com>,
	Warner Losh <imp@village.org>, freebsd-arch@FreeBSD.org
Subject: Re: SysctlFS
In-Reply-To: <Pine.BSF.4.21.0007151907310.877-100000@green.dyndns.org>
Message-ID: <Pine.NEB.3.96L.1000715225806.23943A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:

> On Sat, 15 Jul 2000, Robert Watson wrote:
> 
> > On Sat, 15 Jul 2000, Brian Fundakowski Feldman wrote:
> > 
> > > We could create a way for jailed processes to "break out" into the
> > > canonical name space. This is a description of possible semantics for
> > 
> > What canonical namespace would that be?
> 
> Unless you can think of anything else that could possibly be the
> canonical namespace, struct vnode *rootvnode.

On Coda diskless workstations, we have a kernel with an MFSROOT, and then
chroot processes to under the Coda tree.  This technique is probably used
in other environments also (possibly NFS diskless boxes, et al?).  One of
the traditional ambiguities in UNIX has been the nature of the root
directory -- it is defined specifically in the context of a process.
Chroot'd processes can chroot, and spawn processes that can then chroot.
Right there you can see three potential "real" root directories. :-)  Now
imagine that jail() supported nesting...

That's one reason why I find the idea of absolute symlinks outside of the
chroot environment uncomfortable, and prefer some sort of light-weight
mount mechanism, or run-time constructed specialized links or the like,
rather than name-based construction.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message