From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4ecea8373f0b5925f40b657039695591@quanstro.net>
From: erik quanstrom
Date: Sun, 4 Jan 2009 00:48:08 -0500
To: lucio@proxima.alt.za, 9fans@9fans.net
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] sendfd() on native Plan 9?
Topicbox-Message-UUID: 7749fe18-ead4-11e9-9d60-3106f5b1d025

> > '#p'
> > allows any of my namespaces to debug processes in any other, '#s' is too
> > global, and /net seems to allow any of my processes to manipulate any of my
> > other processes' network connections (though I've not tested in detail to
> > see what's possible.)
>
> So you're saying that (a) a jailed process should not have access to
> the #-devices at all and (b) their equivalent /proc, /srv and /net
> ought to be configured as part of the jail and should not be
> modifiable.

there is no special exception for #s, #I or #l. these cases are
handled already.

> Plan 9 source often short-circuits the possibility that #-something is
> not bound to the conventional place

s/often/always/

there is no exception. one could not bind something onto #X.

- erik