From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: Date: Mon, 20 Oct 2008 17:09:15 +0300 From: Yaroslav To: "Fans of the OS Plan 9 from Bell Labs" <9fans@9fans.net> In-Reply-To: <1224314778.32175.28.camel@goose.sun.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <26c1814ccfc8559a96987385a144c4e7@quanstro.net> <1224063742.4463.145.camel@goose.sun.com> <64debd1118fe0541e4b377bfbb18b2a2@coraid.com> <1224314778.32175.28.camel@goose.sun.com> Subject: Re: [9fans] several things Topicbox-Message-UUID: 219db5b8-ead4-11e9-9d60-3106f5b1d025 2008/10/18 Roman V. Shaposhnik : > On Wed, 2008-10-15 at 08:17 -0400, erik quanstrom wrote: >> > > ; mntgen a >> > > ; bind /env a/env >> > > ; bind /bin a/bin >> > > ; bind /proc a/proc >> > > ; bind a / >> > > ; ns >> > > >> > > consider it a security feature. >> > >> > Be it as it may, I still can't quite follow why *manual* pruning >> > of the entries from the namespace would be forbidden. unmount(2) >> > takes two strings as arguments, right? It doesn't even need an fd. >> >> because they're not visible. you have to access >> it in order to unmount it. > > I see what you meant now. For some reason, I constantly assume > that namespace is sort of a substitution table that helps you > walk(5) across the bind/mount points. But it is not. Is there > a simple reason for mandating access to the target of the bind? > > Or here's an easier way to ask the same: is there a simple reason > for > $ bind /foo /really/nested/bar > always triggering walks into /foo and /really/nested/bar and not > allowing for "lazy evaluation"? The evaluation of bind argument "happens at the time of the bind, not when the binding is later used." -- see bind(2). Also, /sys/doc/9.ps worth reading.