From: "Roman V. Shaposhnik" <rvs@sun.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] How to implement a moral equivalent of automounter in Plan9?
Date: Tue, 2 Dec 2008 11:34:33 -0800 [thread overview]
Message-ID: <1228246473.16585.27.camel@goose.sun.com> (raw)
In-Reply-To: <20081202183153.GW3331@masters10.cs.jhu.edu>
On Tue, 2008-12-02 at 13:31 -0500, Nathaniel W Filardo wrote:
> Namespaces form a large part of the security component of the Plan 9 model,
> and (AFAICT) cross-namespace work is underinvestigated
It would be, in fact, a fair answer.
> since it starts to look a lot like something that could compromise the
> system's security.
Somehow, it doesn't strike me as any more dangerous that the rest
of files you have under #p/<id>/. But I'd love to be corrected.
> the moment, we can make claims like "once fork(NEWNS) succeeds, I and the
> kernel are the only agents that are able to manipulate my namespace." This
> is a nice statement to be able to make.
But isn't it a tad overprotective? Although, it seems that I know of
at least one more thing that didn't make it into #p -- environment.
#e is also only accessible to the kernel and the process itself.
I have always thought that Linux got it right with /proc/self
and /proc/<id>/environ. But may be, again, I'm missing some part
of a bigger picture here.
> Since /proc/$PID/ns is "mostly" an rc script, it's possible (sometimes) to
> "see into" another proc's namespace by following along... given that, what
> would be wrong with your /set server exporting a ns-like file that simply
> detailed its own manipulations to its namespace? You'd have to assume that
> /net (or /srv, if you prefer) was shared between /set and you, I suppose...
> which is probably OK.
I *suspect* that this is, indeed, the dance Russ was referring to.
Nothing wrong with dancing it. But it still leaves me curious
as to why it was decided to *not* implement the support in the
kernel.
Thanks,
Roman.
next prev parent reply other threads:[~2008-12-02 19:34 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-01 7:25 Roman Shaposhnik
2008-12-01 8:38 ` Fco. J. Ballesteros
2008-12-01 14:34 ` erik quanstrom
2008-12-01 14:40 ` Francisco J Ballesteros
2008-12-01 15:08 ` erik quanstrom
2008-12-01 15:16 ` Francisco J Ballesteros
2008-12-01 17:48 ` Russ Cox
2008-12-01 18:17 ` ron minnich
2008-12-01 18:31 ` Roman V. Shaposhnik
2008-12-01 21:18 ` Dan Cross
2008-12-02 18:12 ` Roman V. Shaposhnik
2008-12-02 18:18 ` [9fans] How to implement a moral equivalent of automounter erik quanstrom
2008-12-02 19:25 ` Roman V. Shaposhnik
2008-12-02 19:29 ` erik quanstrom
2008-12-02 20:12 ` hiro
2008-12-02 21:14 ` Roman V. Shaposhnik
2008-12-02 21:35 ` erik quanstrom
2008-12-03 1:26 ` Roman V. Shaposhnik
2008-12-03 1:42 ` Dan Cross
2008-12-03 2:13 ` erik quanstrom
2008-12-04 7:39 ` Dave Eckhardt
2008-12-04 14:58 ` Steve Simon
2008-12-05 4:57 ` Nathaniel W Filardo
2008-12-05 12:10 ` Steve Simon
2008-12-04 17:57 ` Roman V. Shaposhnik
2008-12-05 4:35 ` Dave Eckhardt
2008-12-05 4:43 ` erik quanstrom
2008-12-06 5:16 ` Roman Shaposhnik
2008-12-06 13:58 ` erik quanstrom
2008-12-06 5:14 ` Roman Shaposhnik
2008-12-06 14:27 ` erik quanstrom
2008-12-07 0:03 ` Roman Shaposhnik
2008-12-07 0:16 ` [9fans] How to implement a moral equivalent ofautomounter erik quanstrom
2008-12-07 5:20 ` Rob Pike
2008-12-07 5:30 ` akumar
2008-12-07 5:53 ` Roman Shaposhnik
2008-12-07 20:32 ` Noah Evans
2008-12-01 18:25 ` [9fans] How to implement a moral equivalent of automounter in Plan9? Roman V. Shaposhnik
2008-12-01 22:48 ` Bakul Shah
2008-12-01 23:11 ` [9fans] How to implement a moral equivalent of automounter in geoff
2008-12-02 18:15 ` Roman V. Shaposhnik
2008-12-02 0:55 ` [9fans] How to implement a moral equivalent of automounter in Plan9? Russ Cox
2008-12-02 18:04 ` Roman V. Shaposhnik
2008-12-02 18:31 ` Nathaniel W Filardo
2008-12-02 19:34 ` Roman V. Shaposhnik [this message]
2008-12-02 20:05 ` hiro
2008-12-02 21:17 ` Roman V. Shaposhnik
2008-12-02 21:29 ` erik quanstrom
2008-12-02 23:55 ` Russ Cox
2008-12-03 0:07 ` erik quanstrom
2008-12-03 1:21 ` Roman V. Shaposhnik
2008-12-03 1:36 ` Dan Cross
2008-12-06 5:24 ` Roman Shaposhnik
2008-12-06 10:52 ` Dan Cross
2008-12-03 5:23 ` Rob Pike
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1228246473.16585.27.camel@goose.sun.com \
--to=rvs@sun.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).