Re: [PATCH] Add a /proc/self/exedir link

From: Mike Hearn
Date: Wed Apr 05 2006 - 17:53:25 EST


> I think if we can fix namespaces you don't have to be root to use
> them that is a superior approach, and will cover more cases.

That would be nice. I assumed they needed root for security reasons rather than architectural reasons.

> I have concerns about security policy ...

I'm not sure I understand. Only if you run that program, and if you don't have access to the intermediate directory, how do you run it?

> This means I can not run any of your relocatable executables in
> a chroot environment unless I mount proc.

Why is mounting proc a bad thing? I have never seen a Linux distro that does not provide proc and many desktop-level things depend on it.

> Given how long we have been without this I doubt many people actually
> care

You could argue the same for any new feature. Writing relocatable software on UNIX is absolutely standard, except it's done at source compile time not runtime. That fits with the traditional UNIX culture of compiling software to install it, but the times they are a changin :)

> I'm not certain the directory of an inode even makes sense, and
> that is what you are asking for us to export.

How so? The code does work, though I guess you could devise a scenario in which there is a running executable that is not attached to any directory.

thanks -mike