From: ori@eigenstate.org
To: 9front@9front.org
Date: Mon, 06 Jun 2022 10:40:28 -0400
Message-ID: <08B58C43C8BB3ABC8B89ADE9C37573F1@eigenstate.org>
Subject: Re: [9front] Pitch for devskel

Quoth Jacob Moody :
> + case 'M': > + mountok = 1; > + snprint(devs, sizeof devs, "%s%c", devs, 'M'); > + break;

I think this should be allowed by default -- we can already allow programs to mess with their namespace as they see fit using bind and unmount, and I don't think mount should be any more privileged.

Actually, thinking about this more, I think that all devices should be dropped by default (bind them in if you care), and mounts should be allowed.

mimic seems like it'd be largely unneeded, since you can already bind things into your ns before boxing.
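
Review bot: In the quoted `case 'M':` hunk, `snprint(devs, sizeof devs, "%s%c", devs, 'M')` passes `devs` as both the destination buffer and the `%s` source, so the append only works if the formatter happens to tolerate fully overlapping input and output. Since this string decides which devices stay reachable inside the restricted namespace, it would be safer to keep an end pointer and append with something like `p = seprint(p, devs + sizeof devs, "%c", 'M')`, and to check whether the buffer was already full instead of letting the letter be dropped silently. The hunk also does not guard against `-M` being given twice, which would append a second `M`; a test on `mountok` before appending would cover that.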