2009/4/17 Bakul Shah <bakul+pl...@bitblocks.com>: > On Thu, 16 Apr 2009 22:19:21 EDT "Devon H. O'Dell" <devon.od...@gmail.com> > wrote: >> 2009/4/16 Bakul Shah <bakul+pl...@bitblocks.com>: >> > Why not give each user a virtual plan9? Not like vmware/qemu >> > but more like FreeBSD's jail(8), "done more elegantly"[TM]! >> > To deal with potentially malicious users you can virtualize >> > resources, backed by limited/configurable real resources. >> >> I saw a talk about Mult at DCBSDCon. I think it's a much better idea >> than FreeBSD jail(8), and its security is provable. >> >> See also: http://mult.bsd.lv/ > > But is it elegant?
Rather. > [Interviewer: What do you think the analog for software is? > Arthur Whiteny: Poetry. > Interviewer: Poetry captures the aesthetics, but not the precision. > Arthur Whiteny: I don't know, may be it does. > -- ACM Queue Feb/Mar 2009, page 18. > http://mags.acm.org/queue/20090203] > > Perhaps Plan9's model would be easier (and more fun) to > extend to accomplish this. One can already have a private > namespace. How about changing proc(3) to show only your > login process and its descendents? What if each user can have > a separate IP stack, separate (virtualized) interfaces and so > on? But you'd have to implement some sort of limits on > oversubcribing (ratio of virtual to real resources). Unlike > securitization in the hedge fund world. > >