9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] novel userspace paradigms introduced by plan 9
Date: Sun,  3 Jul 2011 16:57:43 -0400
Message-ID: <958e05563c61b440a0b79507677d27c4@ladd.quanstro.net>
In-Reply-To: <alpine.OSX.1.10.1107031351010.3950@rastawifi.orthanc.ca>

> > why do you think that the lack of a super user make per-process namespaces
> > work?
> 
> The fact that you own the hardware you are running on means there's no 
> need to provide enhanced priv's (such as root) to protect things like 
> mount(2).  

that's a property of per-process namespaces, not the lack of a root user.

in this sense plan 9 has a limited root—the hostowner that owns the devices
on a machine and is trusted wrt the authentication protocol.

> And if you do something stupid, the only damage you can do is 
> to yourself.  Just look at all the hoops FUSE must jump through to keep 
> people from being able to bodge the entire system.

for some reason, the linux guys have convinced themselves that per process
namespaces can't be done without security problems.  i see no reason that
pam couldn't do plan 9 style authentication with a process running on behalf
of root with its own namespace.

they've changed everything else in unix, why hold so tightly to the clearly
unhelpful ideas?

- erik


