Date: Sun, 16 Jul 2000 01:29:41 -0400 (EDT) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: Robert Watson <robert@FreeBSD.org> Cc: freebsd-arch@FreeBSD.org Subject: Re: SysctlFS Message-ID: <Pine.BSF.4.21.0007160116310.877-100000@green.dyndns.org> In-Reply-To: <Pine.NEB.3.96L.1000715225806.23943A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 15 Jul 2000, Robert Watson wrote:
> >
> > Unless you can think of anything else that could possibly be the
> > canonical namespace, struct vnode *rootvnode.
>
> On Coda diskless workstations, we have a kernel with an MFSROOT, and then
> chroot processes to under the Coda tree. This technique is probably used
> in other environments also (possibly NFS diskless boxes, et al?). One of
> the traditional ambiguities in UNIX has been the nature of the root
> directory -- it is defined specifically in the context of a process.
> Chroot'd processes can chroot, and spawn processes that can then chroot.
> Right there you can see three potential "real" root directories. :-) Now
> imagine that jail() supported nesting...
Yes, but there is always a mount entry for "/", and that is called
rootvnode. If you'd prefer to think of it that way, it's often the
same as proc0.p_fd->fd_fd.fd_rdir. We will always have a canonical
root directory un{til,less} we move toward the Plan-9 design of
per-process mount tables. If jail() supported a "breakout", it
should only be to the canonical root, the first root, I believe.
> That's one reason why I find the idea of absolute symlinks outside of the
> chroot environment uncomfortable, and prefer some sort of light-weight
> mount mechanism, or run-time constructed specialized links or the like,
> rather than name-based construction.
Well, it's just an idea. I fear there won't be a more elegant way of
doing it short of per-process mount tables :)
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
green@FreeBSD.org `------------------------------'
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007160116310.877-100000>