From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 2 Dec 2008 13:31:53 -0500
From: Nathaniel W Filardo
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID: <20081202183153.GW3331@masters10.cs.jhu.edu>
References: <1FAD6133-18F8-444F-BD6E-795999DE3170@sun.com> <1228155909.18951.33.camel@goose.sun.com> <1228241097.7593.40.camel@goose.sun.com>
In-Reply-To: <1228241097.7593.40.camel@goose.sun.com>
Subject: Re: [9fans] How to implement a moral equivalent of automounter in Plan9?

On Tue, Dec 02, 2008 at 10:04:57AM -0800, Roman V. Shaposhnik wrote:
> I would imagine that making '#p'//ns writable and receptive
> to messages of exact same format that is being output right now
> (plus an 'unmount X Y' message) would be a very natural thought in
> a Plan9 environment. Yet, it wasn't implemented that way which makes
> me believe that I do (as usual) overlook something obvious here.
> Please give me a hint to what it might be that renders the idea as a bad
> one.

Namespaces form a large part of the security component of the Plan 9 model, and (AFAICT) cross-namespace work is underinvestigated since it starts to look a lot like something that could compromise the system's security.

At the moment, we can make claims like "once fork(NEWNS) succeeds, I and the kernel are the only agents that are able to manipulate my namespace." This is a nice statement to be able to make.

Since /proc/$PID/ns is "mostly" an rc script, it's possible (sometimes) to "see into" another proc's namespace by following along... given that, what would be wrong with your /set server exporting a ns-like file that simply detailed its own manipulations to its namespace? You'd have to assume that /net (or /srv, if you prefer) was shared between /set and you, I suppose... which is probably OK.

> Thanks,
> Roman.
>
> P.S. Thinking for a couple more minutes makes me believe that a
> writable '#p'//ns might even be used to implement
> mount/bind syscall. Which, on the surface, would make it even
> more appealing.

Intriguing. I guess it wasn't done this way so that processes could be constructed without /proc mounted... (though you could always manipulate '#p/$PID/ns'... that might be considered a bug, tho')

--nwf;