Re: [PATCH] private mounts

From: Bodo Eggert (7eggert_at_gmx.de)
Date: 04/26/05

    Date:	Tue, 26 Apr 2005 22:08:15 +0200 (CEST)
    To: Bryan Henderson <hbryan@us.ibm.com>
    
    

    On Tue, 26 Apr 2005, Bryan Henderson wrote:

    > >> >mknamespace -p users/$UID # (like mkdir -p)
    > >> >setnamespace users/$UID # (like cd)
    > >> ^^^^^^^^
    > >>
    > >> You realize that 'cd' is a shell command, and has to be, I hope. That
    > >> little fact has thrown a wrench into many of the ideas in this thread.
    > >
    > >I suppose it will be called by the login process or by wrappers like
    > >'nice'.
    >
    > Just to be clear, then: this idea is fundamentally different from the
    > mkdir/cd analogy the thread starts with above.

    NACK, it's very similar to the cd "$HOME" (or ulimit calls) done by the
    login mechanism, except for the fact that no shell does implement a
    setnamespace command and therefore can't leave that namespace. If the
    shell were actually modified to implement setnamespace, that command would
    be exactly like the cd command.

    The wrapper I mentioned will usually not be needed for normal operation,
    but if users want additional private namespaces, they'll need this
    separate wrapper (or to modify the application or the shell) in order to
    switch into them.

    > And it misses one rather
    > important requirement compared to mkdir/cd: You can't add a new mount to
    > an existing shell.

    The mount would be a part of the current namespace, which is shared across
    all current user processes unless they are started without login (e.g.
    procmail[0]) or running in a different namespace (the user called
    setnamespace).

    [0] If you want procmail in a user namespace, use a wrapper like
    ---/usr/bin/procmail---
    #!/bin/sh
    exec /usr/bin/setnamespace /users/"$UID" -- /usr/bin/procmail.bin "$@"

    ---
    BTW: I think the namespaces will need the normal file permissions.
    -- 
    Fun things to slip into your budget
    Paradigm pro-activator (a whole pack)
    	(you mean beer?)
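Added example, not part of the original message: the wrapper pattern discussed above (login, `nice`, the procmail wrapper) changes a per-process attribute in a child and then execs the target, so the target inherits it while the caller stays where it was. Because `setnamespace` exists only as a proposal in this thread, the working directory and umask stand in for the namespace here; the function names are hypothetical.

```shell
#!/bin/sh
# cwd and umask are stand-ins (assumption) for the proposed per-process namespace.

# Wrapper pattern: set the attribute in a child process, then exec the target.
# The caller's own state is never touched, which is why a stand-alone
# "cd" or "setnamespace" binary cannot move the shell that invoked it.
run_with_state() {
    dir=$1 mask=$2
    shift 2
    (
        # Fail closed: if the context cannot be entered, the target must not
        # run in the caller's context instead.
        cd "$dir" || exit 111
        umask "$mask" || exit 111
        exec "$@"
    )
}

# State seen by a freshly exec'd program started through the wrapper.
child_view() {
    run_with_state "$1" "$2" /bin/sh -c 'printf "%s %s\n" "$(pwd -P)" "$(umask)"'
}

# State of the calling shell itself.
caller_view() {
    printf '%s %s\n' "$(pwd -P)" "$(umask)"
}
```
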
    
