On Mon, 17 Apr 2000, Michael H. Warfield wrote:
> On this (subsets of the tree to be mounted in chrooted jails) I
> HAVE to agree with Richard, and/or the guys that are saying piss on
> Richard, just use FS based special devices like we always have. If we
> have the full set of devices in the chrooted jails, like we have in the
> main OS, or if we have any form of mknod, we might as well not even
> bother with chroot. There are too many known ways out if you allow

Sure, but WTF bother? If you have a chroot jail under /foo/bar - fine,
union-mount the pieces you want (and only them) on /foo/bar/dev. Sure
thing, you don't want /dev/kmem (or /dev/hd*, or...) there. So?

> access to things like /dev/kmem and such. I hadn't considered the
> multiplicity of mounts (consider virtual servers - YUCK! Non-op! Dain
> Bramage alert!) but these create a whole new mess for admins of advanced
> sites. How DO you manage these things where you want to control what
> does and does NOT show up under different mounts?

You just mount the pieces needed and leave everything else out. What's the
problem? If you have different filesystems instead of different parts of
devfs you can use good, old mount to control what will be visible.

> > union-mount (as opposed to unionfs) is the part of these changes. As for
> > voodoo dolls - nah. Not needed. That's what lusers are for.
>
> Or a LART...

What? Sticking pointy objects into 2-by-4, dipping it into
acid... ah, I see your point. Yes, it's safer from the sanitary
point of view, but there are good things to say about a more hands-on
approach...
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:12 EST
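
An added example, not part of the original thread: one way to audit a jail for the device nodes discussed above. It matches nodes by type and major/minor number rather than by name, since a node created with mknod can carry any name. The allowlist, the function names and the sample entries under /foo/bar are assumptions constructed for illustration; the device numbers are the standard Linux ones.

```python
import os
import stat
import sys

# Assumed allowlist: (type, major, minor) of the only devices the jail needs.
ALLOWED = {
    ("c", 1, 3): "null",
    ("c", 1, 5): "zero",
    ("c", 1, 8): "random",
    ("c", 1, 9): "urandom",
    ("c", 5, 0): "tty",
}

def classify(mode, rdev):
    """Return (type, major, minor) for a device node, or None for anything else."""
    if stat.S_ISCHR(mode):
        kind = "c"
    elif stat.S_ISBLK(mode):
        kind = "b"
    else:
        return None
    return (kind, os.major(rdev), os.minor(rdev))

def audit_entries(entries, allowed=ALLOWED):
    """entries: iterable of (path, st_mode, st_rdev). Return non-allowlisted devices."""
    findings = []
    for path, mode, rdev in entries:
        dev = classify(mode, rdev)
        if dev is not None and dev not in allowed:
            findings.append((path, *dev))
    return findings

def walk_jail(root):
    """Yield (path, st_mode, st_rdev) for every entry under root, not following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            yield path, st.st_mode, st.st_rdev

# Constructed sample entries standing in for a real jail tree.
SAMPLE = [
    ("/foo/bar/dev/null", stat.S_IFCHR | 0o666, os.makedev(1, 3)),
    ("/foo/bar/dev/kmem", stat.S_IFCHR | 0o640, os.makedev(1, 2)),
    ("/foo/bar/dev/hda", stat.S_IFBLK | 0o660, os.makedev(3, 0)),
    ("/foo/bar/tmp/x", stat.S_IFCHR | 0o600, os.makedev(1, 1)),  # /dev/mem under another name
    ("/foo/bar/etc/passwd", stat.S_IFREG | 0o644, 0),
]

if __name__ == "__main__":
    source = walk_jail(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, kind, major, minor in audit_entries(source):
        print(f"unexpected device node: {path} ({kind} {major},{minor})")
```

Run with the jail root as the only argument to scan a real tree; with no argument it reports on the constructed sample.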