From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <20130312035255.8C0CEB834@mail.bitblocks.com>
References: <320203de502d79e73cd7447f3ce25154@sphericalharmony.com> <20130312035255.8C0CEB834@mail.bitblocks.com>
Date: Tue, 12 Mar 2013 10:57:53 -0400
Message-ID:
From: "Joel C. Salomon"
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [9fans] A note about new software for Plan 9
Topicbox-Message-UUID: 27c590f6-ead8-11e9-9d60-3106f5b1d025

On Mon, Mar 11, 2013 at 11:52 PM, Bakul Shah wrote:
> To do something similar you will have to constrain each jail
> to see a subset of processes, give it its own /dev, /env etc.
> Not sure how you do this.

So long as processes in the jail use /dev, /env, etc., etc., as inherited from/shared with their parent processes, this seems doable, if tedious: provide a synthetic file system that shows a limited view on /dev, /env, etc.

But the child process can always mount #x for various x, and get out of jail.

—Joel