9front - general discussion about 9front
 help / color / mirror / Atom feed
From: Jacob Moody <moody@mail.posixcafe.org>
To: 9front@9front.org
Subject: Re: [9front] Pitch for devskel
Date: Mon, 6 Jun 2022 09:08:49 -0600	[thread overview]
Message-ID: <1da79bdf-d8bd-383e-b577-db5eece2dcf6@posixcafe.org> (raw)
In-Reply-To: <08B58C43C8BB3ABC8B89ADE9C37573F1@eigenstate.org>

On 6/6/22 08:40, ori@eigenstate.org wrote:
> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>> +	case 'M':
>> +		mountok = 1;
>> +		snprint(devs, sizeof devs, "%s%c", devs, 'M');
>> +		break;
> I think this should be allowed by default -- I we can
> already allow programs to mess with their namespace
> as they see fit using bind and unmount, and I don't
> think mount should be any more privileged.

Sure. The only difference between mount
and bind is that mount does a new devmnt attach, potentially
doing authentication as part of that. Without the ability to
mount, a program can never reauthenticate to a fs.

> Actually, thinking about this more, I think that all
> devices should be dropped by default (bind them in
> if you care), and mounts should be allowed.

Sure I am OK with that. Although binding them
in does not work for things like '#|', so a
devmask will likely still need to be supplied with -e
for such cases.

> mimic seems like it'd be largely unneeded, since
> you can already bind things into your ns before
> boxing.

You _can_ just bind things in to your namespace,
and if you did you just wouldn't need auth/box.
The point of auth/box is take potentially deeply
nested/relative paths and to mimic that hierarchy
the the new root. Due to the restriction of devskel
to only permit one skeleton per attach. Mimicking some
hierarchies can be tedious. This removes that tedium.

For example to mimic /sys/log/www to newroot.
You need to do:

bind -b '#zd/sys' /newroot
bind '#zd/log' /newroot/sys
bind '#zf/www' /newroot/sys/log/
bind /sys/log/www /newroot/sys/log/www

The point of auth/* tools has always been to
assist in doing namespace operations for what
you could otherwise do yourself, just in a way
that is a bit more ergonomic.I also think the
auth/* also live as C examples for doing some of these
operations in other code.


  reply	other threads:[~2022-06-06 15:11 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-05  0:57 Jacob Moody
2022-06-06  3:16 ` Jacob Moody
2022-06-06  6:41   ` Jacob Moody
2022-06-06 14:40     ` ori
2022-06-06 15:08       ` Jacob Moody [this message]
2022-06-06 15:24         ` ori
2022-06-06 15:31           ` Jacob Moody

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1da79bdf-d8bd-383e-b577-db5eece2dcf6@posixcafe.org \
    --to=moody@mail.posixcafe.org \
    --cc=9front@9front.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).