Re: [RFC] automount based devfs replacement

From: Michael H. Warfield (mhw@wittsend.com)
Date: Mon Apr 17 2000 - 21:59:11 EST


On Mon, Apr 17, 2000 at 11:45:25PM -0400, Alexander Viro wrote:

> On 17 Apr 2000, david parsons wrote:

> > I'd think it would be somewhat better to patch devfs so that it can
> > only be mounted once (as a quick fix to the technical issues that
> > are now being mentioned; if there are other technical issues with

> Erm... David, unfortunately Richard wants to be able to have subsets of
> the tree to be mounted in chroot jails. It's trivial if we just
> union-mount pieces (each piece shared between all mountpoints where it's
> going to be visible) and it's a huge PITA if we keep them as parts of one
> fs. Notice that all _code_ may be very well shared - just that you want to
> have a separate struct super_block and a dentry tree for each piece.

        On this (subsets of the tree to be mounted in chrooted jails) I
HAVE to agree with Richard, and/or the guys that are saying piss on
Richard, just use FS based special devices like we always have. If we
have the full set of devices in the chrooted jails, like we have in the
main OS, or if we have any form of mknod, we might as well not even
bother with chroot. There are too many known ways out if you allow
access to things like /dev/kmem and such. I hadn't considered the
multiplicity of mounts (consider virtual servers - YUCK! Non-op! Dain
Bramage alert!) but these create a whole new mess for admins of advanced
sites. How DO you manage these things where you want to control what
does and does NOT show up under different mounts? I think the multitudes
of dentries is the least of our problems there and that's bad enough. This
opens a whole new can of worms on the security front... Sigh...

> Basically that's how Richard had managed to piss me off _big_ _way_ -
> he had heard about that problem many times and he just keeps ignoring it.

> [union-mount]

> > This, on the other hand, is a non-ick, since a working union-mount
> > would be a Good Thing, and perhaps a larger body of code that
> > requires it would shake it out. (Though if Al Viro is the only
> > person working on it, he might not appreciate the extra stress.
> > Hopefully RH is keeping his office well stocked with devfs voodoo
> > dolls)

> union-mount (as opposed to unionfs) is the part of these changes. As for
> voodoo dolls - nah. Not needed. That's what lusers are for.

        Or a LART...

> > david parsons \bi/ automount. Shudder.

        [...]

        Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
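
Added example, not part of the original message or thread: a Python audit of a chroot jail tree for the device nodes the message warns about (/dev/kmem and similar). The allowlist and the names `classify` and `audit_jail` are assumptions made for illustration; the major/minor numbers are the standard Linux assignments. It does not cover the separate mknod concern raised in the message.

```python
import os
import stat

# Assumed allowlist: Linux (major, minor) pairs for character devices
# that are commonly considered harmless inside a jail.
SAFE_CHAR_DEVICES = {
    (1, 3): "null", (1, 5): "zero", (1, 7): "full",
    (1, 8): "random", (1, 9): "urandom",
}
# Memory devices of the kind the message calls out (/dev/kmem "and such").
MEMORY_DEVICES = {(1, 1): "mem", (1, 2): "kmem", (1, 4): "port"}

def classify(mode, rdev):
    """Return (verdict, reason) for one inode's st_mode and st_rdev."""
    if stat.S_ISBLK(mode):
        return "deny", "block device gives raw disk access"
    if not stat.S_ISCHR(mode):
        return "ok", "not a device node"
    key = (os.major(rdev), os.minor(rdev))
    if key in MEMORY_DEVICES:
        return "deny", "memory device " + MEMORY_DEVICES[key]
    if key in SAFE_CHAR_DEVICES:
        return "ok", "allowlisted " + SAFE_CHAR_DEVICES[key]
    return "review", "character device %d:%d not on allowlist" % key

def audit_jail(root):
    """Walk a jail tree without following symlinks; list flagged nodes."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable: skip it
            verdict, reason = classify(st.st_mode, st.st_rdev)
            if verdict != "ok":
                findings.append((path, verdict, reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Usage: python audit_jail.py /path/to/jail
    for path, verdict, reason in audit_jail(sys.argv[1]):
        print(verdict.upper(), path, reason)
```
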


