From owner-freebsd-arch Sat Jul 15 22:30:22 2000 Delivered-To: freebsd-arch@freebsd.org Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 018DE37BA6B; Sat, 15 Jul 2000 22:29:58 -0700 (PDT) (envelope-from green@FreeBSD.org) Date: Sun, 16 Jul 2000 01:29:41 -0400 (EDT) From: Brian Fundakowski Feldman X-Sender: green@green.dyndns.org To: Robert Watson Cc: freebsd-arch@FreeBSD.org Subject: Re: SysctlFS In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 15 Jul 2000, Robert Watson wrote: > > > > Unless you can think of anything else that could possibly be the > > canonical namespace, struct vnode *rootvnode. > > On Coda diskless workstations, we have a kernel with an MFSROOT, and then > chroot processes to under the Coda tree. This technique is probably used > in other environments also (possibly NFS diskless boxes, et al?). One of > the traditional ambiguities in UNIX has been the nature of the root > directory -- it is defined specifically in the context of a process. > Chroot'd processes can chroot, and spawn processes that can then chroot. > Right there you can see three potential "real" root directories. :-) Now > imagine that jail() supported nesting... Yes, but there is always a mount entry for "/", and that is called rootvnode. If you'd prefer to think of it that way, it's often the same as proc0.p_fd->fd_fd.fd_rdir. We will always have a canonical root directory un{til,less} we move toward the Plan-9 design of per-process mount tables. If jail() supported a "breakout", it should only be to the canonical root, the first root, I believe. > That's one reason why I find the idea of absolute symlinks outside of the > chroot environment uncomfortable, and prefer some sort of light-weight > mount mechanism, or run-time constructed specialized links or the like, > rather than name-based construction. Well, it's just an idea. I fear there won't be a more elegant way of doing it short of per-process mount tables :) > Robert N M Watson > > robert@fledge.watson.org http://www.watson.org/~robert/ > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 > TIS Labs at Network Associates, Safeport Network Services -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message