From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <8ccc8ba40901031446r2dcf34e8l66a154390124dc0d@mail.gmail.com>
Date: Sat,  3 Jan 2009 23:46:29 +0100
From: "Francisco J Ballesteros" <nemo@lsub.org>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@9fans.net>
In-Reply-To: <1231022424.11463.231.camel@goose.sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <5815b4f0a81ae76e01b8987ae27bdb31@quanstro.net>
	<1231022424.11463.231.camel@goose.sun.com>
Subject: Re: [9fans] directly opening Plan9 devices
Topicbox-Message-UUID: 76df7610-ead4-11e9-9d60-3106f5b1d025

Isn't it too restrictive, eg, not allowing you to create pipes?


On Sat, Jan 3, 2009 at 11:40 PM, Roman V. Shaposhnik <rvs@sun.com> wrote:
> On Sat, 2009-01-03 at 17:03 -0500, erik quanstrom wrote:
>> > Did you see the example I provided in the original
>> > email? "rfork m" is *exactly* RFNOMNT. And it doesn't
>> > seem to work for one simple reason: RFNOMNT doesn't
>> > restrict bind(2).
>>
>> these are exceptions.  from port/chan.c:
>>
>>       case '#':
>>               nomount = 1;
>>               up->genbuf[0] = '\0';
>>               n = 0;
>>               while(*name != '\0' && (*name != '/' || n < 2)){
>>                       if(n >= sizeof(up->genbuf)-1)
>>                               error(Efilename);
>>                       up->genbuf[n++] = *name++;
>>               }
>>               up->genbuf[n] = '\0';
>>               /*
>>                *  noattach is sandboxing.
>>                *
>>                *  the OK exceptions are:
>>                *      |  it only gives access to pipes you create
>>                *      d  this process's file descriptors
>>                *      e  this process's environment
>>                *  the iffy exceptions are:
>>                *      c  time and pid, but also cons and consctl
>>                *      p  control of your own processes (and unfortunately
>>                *         any others left unprotected)
>>                */
>>               n = chartorune(&r, up->genbuf+1)+1;
>>               /* actually / is caught by parsing earlier */
>> >>>>          if(utfrune("M", r))
>> >>>>                  error(Enoattach);
>> >>>>          if(up->pgrp->noattach && utfrune("|decp", r)==nil)
>>                       error(Enoattach);
>>               t = devno(r, 1);
>>               if(t == -1)
>>                       error(Ebadsharp);
>>               c = devtab[t]->attach(up->genbuf+n);
>>               break;
>>
>> the first two indicated lines are redundant.
>> i'm not so sure about any of the exceptions.
>
> Two comments:
>   0. First of all, thanks for the code snippet. I'm so used to Plan9
>      having as little exceptions as possible and being very well
>      documents that I sometimes forget to look for the source.
>   1. This better be documented in the man pages, if you ask me.
>
> And finally, I'd say having these exceptions is a mistake. Unless,
> there's a really good reason, they break the paradigm of RFNOMNT
> quite needlessly without even a hint of a benefit.
>
> Anybody disagrees?
>
> Thanks,
> Roman.
>
>
>