From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <8aff8453980259d42a5ed92a5405eef1@quanstro.net>
From: erik quanstrom <quanstro@quanstro.net>
Date: Sun,  4 Jan 2009 10:46:14 -0500
To: lucio@proxima.alt.za, 9fans@9fans.net
In-Reply-To: <41c083b856f1c8644dab7d813b2e53a1@proxima.alt.za>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] sendfd() on native Plan 9?
Topicbox-Message-UUID: 78563c72-ead4-11e9-9d60-3106f5b1d025

> >> Another aspect I noticed is that what you seem to need is a
> >> finer-grained construction of #p and #s, but being able to construct
> >> them one layer further down the hierarchy might suffice.
> >
> > "one layer further down the hierarchy" ?
> >
> Well, if you could bind a subset of #s by some selection criterion -
> specifically process group, but who's to know what else might be
> useful?  - say, back onto a local /srv, you may have a sensible
> mechanism for jailing processes.  But I'm once again speculating
> outside my knowledge and experience.

why not just avoid /srv and #s alltogether?

the jailer could do the mounts before starting the
prisoner.  this way, no access to #s would be required.

- erik