Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261775AbVDZUJx (ORCPT ); Tue, 26 Apr 2005 16:09:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261772AbVDZUJf (ORCPT ); Tue, 26 Apr 2005 16:09:35 -0400 Received: from mail-in-05.arcor-online.net ([151.189.21.45]:45272 "EHLO mail-in-05.arcor-online.net") by vger.kernel.org with ESMTP id S261767AbVDZUJT (ORCPT ); Tue, 26 Apr 2005 16:09:19 -0400 Date: Tue, 26 Apr 2005 22:08:15 +0200 (CEST) From: Bodo Eggert <7eggert@gmx.de> To: Bryan Henderson Cc: Bodo Eggert <7eggert@gmx.de>, akpm@osdl.org, Jan Hudec , hch@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Miklos Szeredi , viro@parcelfarce.linux.theplanet.co.uk Subject: Re: [PATCH] private mounts In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2048 Lines: 54 On Tue, 26 Apr 2005, Bryan Henderson wrote: > >> >mknamespace -p users/$UID # (like mkdir -p) > >> >setnamespace users/$UID # (like cd) > >> ^^^^^^^^ > >> > >> You realize that 'cd' is a shell command, and has to be, I hope. That > >> little fact has thrown a wrench into many of the ideas in this thread. > > > >I suppose it will be called by the login process or by wrappers like > >'nice'. > > Just to be clear, then: this idea is fundamentally different from the > mkdir/cd analogy the thread starts with above. NACK, it's very similar to the cd "$HOME" (or ulimit calls) done by the login mechanism, except for the fact that no shell does implement a setnamespace command and therefore can't leave that namespace. If the shell were actually modified to implement setnamespace, that command would be exactly like the cd command. The wrapper I mentioned will usurally not be needed for normal operation, but if users want additional private namespaces, they'll need this seperate wrapper (or to modify the application or the shell) in order to switch into them. > And it misses one rather > important requirement compared to mkdir/cd: You can't add a new mount to > an existing shell. The mount would be a part of the current namespace, which is shared across all current user processes unless they are started without login (e.g. procmail[0]) or running in a different namespace (the user called setnamespace). [0] If you want procmail in a user namespace, use a wrapper like ---/usr/bin/procmail--- #!/bin/sh exec /usr/bin/setnamespace /users/"$UID" -- /usr/bin/procmail.bin "$@" --- BTW: I think the namespaces will need the normal file permissions. -- Fun things to slip into your budget Paradigm pro-activator (a whole pack) (you mean beer?) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/