RE: Module idea/thoughts wanted - virtual fs/autofs for chrooted apps

From: Neulinger, Nathan R. (nneul@umr.edu)
Date: Mon Apr 03 2000 - 08:14:12 EST


> On Mon, Apr 03, 2000 at 07:47:46AM -0500, Nathan Neulinger wrote:
> > >
> > > They allow you making the directory structure attribute that may be
> > > shared or not shared between processes. Al will implement this using
> > > yet another clone() flag.
> >
> > Sounds like that's what would be needed for the virtual directory part.
> > So I take it that under normal circumstances, once a directory entry is
> > in the cache, without this flag it would be shared between all processes
> > accessing the cache?
>
> Not really. To read about namespaces look at:
> http://inferno.bell-labs.com/plan9/doc/names.html
> The biggest difference is that plan9 rfork() is clone() in linux.

I'm not sure I understand the relevance here...

My primary goal was to have a filesystem mount that could appear to contain
different files/dirs for each process. The files/dirs it contains would
really be mappings back to the real filesystem.

Now, if you're meaning that someone could do something like take the 'bind'
type mount support from those patches and modify it into doing what I was
wanting - that's a possibility worth looking at. I think I might even be
willing to take the approach of having the mount directly display the full
contents of the mapped directory (i.e. show all user directories) but remap
the permissions so that regardless of what the perms are in reality, it
appears to only be 700 in the chrooted area.

The key component is how to get the fs to indicate that "when accessing this
file, you really are accessing this other dir", but without making the
mounts.

One approach that might be possible to take would be to modify autofs - but
the problem with that is that I don't want to see the machine with hundreds
of mounts... that can't possibly be efficient. The other problem is - that
once the dir is mounted, it will be accessible to all users using that
chrooted area.

> You might be interested in union mounts (will hopefully be in linux 2.5),
> which mean that you can mount two fs'es on the same mountpoint.
>
> You will be able to do:
> mount -t bind /usr/unrestricted /usr/bin
> mount -t bind /usr/restricted /usr/bin
>
> mount -t bind /usr/unrestricted /chroot/usr/bin

That might also be useful, the thing is though that I don't mind installing
a second copy of apps in the chrooted area. In most cases, the number of
apps installed there will be extremely minimal, likely just a copy of perl
and requisite libraries. Given that I'll be reproducing some of the
directory structure, all that I'll have to do is copy the apps/libs, not
fully install them.

Thanks for the input!

-- Nathan
