From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, NICE_REPLY_A,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 21127 invoked from network); 6 Jun 2022 15:11:14 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 6 Jun 2022 15:11:14 -0000 Received: from mail.posixcafe.org ([45.76.19.58]) by 9front; Mon Jun 6 11:09:27 -0400 2022 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=posixcafe.org; s=20200506; t=1654528163; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q1DZTmAJfAkhkYOCV+5EPNXTjSAcEQa+tRZhGh0oQDM=; b=dj85TAYi5khNZkYI/hOgGX2d/PgEfdLlDLyxhwGbuuvl/4UdlsT1qjRFWhnIb5bn48I4B4 kafiaow3gtxvhtM8OYX2MfNvMVw0EHsAqr8db1zaoFOq+MzcL7LmeKKvqycYaxBwUDjMvE 0IJ9hR2oiVozMJBYUbjsrf1/K3SDlKw= Received: from [192.168.168.200] (161-97-228-135.lpcnextlight.net [161.97.228.135]) by mail.posixcafe.org (OpenSMTPD) with ESMTPSA id a6848db5 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <9front@9front.org>; Mon, 6 Jun 2022 10:09:23 -0500 (CDT) Message-ID: <1da79bdf-d8bd-383e-b577-db5eece2dcf6@posixcafe.org> Date: Mon, 6 Jun 2022 09:08:49 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Content-Language: en-US To: 9front@9front.org References: <08B58C43C8BB3ABC8B89ADE9C37573F1@eigenstate.org> From: Jacob Moody In-Reply-To: <08B58C43C8BB3ABC8B89ADE9C37573F1@eigenstate.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: distributed engine DOM map/reduce table controller Subject: Re: [9front] Pitch for devskel Reply-To: 9front@9front.org Precedence: bulk On 6/6/22 08:40, ori@eigenstate.org wrote: > Quoth Jacob Moody : >> + case 'M': >> + mountok = 1; >> + snprint(devs, sizeof devs, "%s%c", devs, 'M'); >> + break; > > I think this should be allowed by default -- I we can > already allow programs to mess with their namespace > as they see fit using bind and unmount, and I don't > think mount should be any more privileged. Sure. The only difference between mount and bind is that mount does a new devmnt attach, potentially doing authentication as part of that. Without the ability to mount, a program can never reauthenticate to a fs. > > Actually, thinking about this more, I think that all > devices should be dropped by default (bind them in > if you care), and mounts should be allowed. Sure I am OK with that. Although binding them in does not work for things like '#|', so a devmask will likely still need to be supplied with -e for such cases. > mimic seems like it'd be largely unneeded, since > you can already bind things into your ns before > boxing. > You _can_ just bind things in to your namespace, and if you did you just wouldn't need auth/box. The point of auth/box is take potentially deeply nested/relative paths and to mimic that hierarchy the the new root. Due to the restriction of devskel to only permit one skeleton per attach. Mimicking some hierarchies can be tedious. This removes that tedium. For example to mimic /sys/log/www to newroot. You need to do: bind -b '#zd/sys' /newroot bind '#zd/log' /newroot/sys bind '#zf/www' /newroot/sys/log/ bind /sys/log/www /newroot/sys/log/www The point of auth/* tools has always been to assist in doing namespace operations for what you could otherwise do yourself, just in a way that is a bit more ergonomic.I also think the auth/* also live as C examples for doing some of these operations in other code. Thanks, Moody