From mboxrd@z Thu Jan 1 00:00:00 1970 From: Martin C.Atkins To: 9fans@cse.psu.edu Subject: Re: [9fans] A proposal regarding # in bind Message-Id: <20030225193133.21c658c1.martin@mca-ltd.com> In-Reply-To: References: <20030225100713.5309c11f.martin@mca-ltd.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Date: Tue, 25 Feb 2003 19:31:33 +0530 Topicbox-Message-UUID: 71f41164-eacb-11e9-9e20-41e7f4b1d025 On Tue, 25 Feb 2003 11:02:27 +0000 chris@cjl1.demon.co.uk wrote: > Rather than rog's special special #name for acquiring the > local device namespace I'd prefer a syscall. Like I've said in another message, I'd prefer there to be no (user-visible) way to mount /ur, only a way to unmount it! >.. > Other notes: > > pctl(NODEVS) still allows attach to certain devices such as devpipe > and prog. Martin's unmount /ur would prevent an app from killing > off any spawned threads or using pipes, which seems draconian. Right. Now I understand the comments in another message... How about this: Before starting the init process, the kernel binds into init's namespace #/ onto / #smallur onto /ur #bigur onto /ur (BEFORE) using the kernel's private, special version of bind, which does understand these names. #smallur would provide names for '#|' etc, and #bigur would provide names for the rest. Then an inheriting process could unmount bigur, but still be able to create pipes, etc. (NB I'm not seriously suggesting these exact names! :-) BTW: why would my unmount /ur prevent an application from killing spawned threads? If the application had #p mounted on /prog, then unmounting /ur wouldn't affect that in any way.... (/ur is only used during the bind of #p etc.) > > [NOTE: general access to prog is a problem anyway - consider multiple > users logged in as 'none' - any one can kill the threads of the others.] Indeed! Martin -- Martin C. Atkins martin@mca-ltd.com Mission Critical Applications Ltd, U.K. http://www.mca-ltd.com