Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-26 Thread Hans Reiser
Mike Waychison wrote: Tim Hockin wrote: On Wed, Aug 25, 2004 at 04:25:24PM -0400, Rik van Riel wrote: You can think of this as chroot on steroids. Sounds like what you want is pretty much the namespace stuff that has been in the kernel since the early 2.4 days. No need to replicate VFS

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-26 Thread Hans Reiser
Mike Waychison wrote: If I understand what Hans is looking to get done, he's asking for someone to architect a system where any given process can be restricted to seeing/accessing a subset of the namespace (in the sense of a tree of directories/files). Eg: process Foo is allowed access to write

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-25 Thread Rik van Riel
On Sun, 1 Aug 2004, Hans Reiser wrote: You can think of this as chroot on steroids. Sounds like what you want is pretty much the namespace stuff that has been in the kernel since the early 2.4 days. No need to replicate VFS functionality inside the filesystem. -- Debugging is twice as hard

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-25 Thread Tim Hockin
On Wed, Aug 25, 2004 at 04:25:24PM -0400, Rik van Riel wrote: You can think of this as chroot on steroids. Sounds like what you want is pretty much the namespace stuff that has been in the kernel since the early 2.4 days. No need to replicate VFS functionality inside the filesystem. When

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-25 Thread viro
On Thu, Aug 26, 2004 at 12:52:37AM -0400, Kyle Moffett wrote: Where would I increase the hash size if I wanted to increase the number of bindings by an order of magnitude or so? I'm very interested in pursuing this possibility, because when combined with the procedure I described earlier,

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-03 Thread David Greaves
Hubert Chan wrote: |David == David Greaves [EMAIL PROTECTED] writes: | | | David It sounds like running exe's setgid (or addgid?) and then having acls. | David But then the acls are not tied to the file objects, more appended | David to the file acl

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-03 Thread Pierre Etchemaite
On Mon, 02 Aug 2004 20:04:34 -0400, Hubert Chan [EMAIL PROTECTED] wrote: Possibly. But, from my understanding of views, apache would not even be able to see that /etc/passwd exists -- it is not just limited to not being able to read it. I don't think you can do that with acls, and still

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-03 Thread James Courtier-Dutton
Hans Reiser wrote: You can think of this as chroot on steroids. The idea is to use the concept of views, in which one specifies a description of what in the fs should be visible in the view, and extend them to become tracing views which automate the creation of viewprints, which contain what a

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Hubert Chan
Christian == Christian Mayrhuber [EMAIL PROTECTED] writes: Christian Linux VServer might be a project that already tries to Christian accomplish this task. After poking around the linux-veserver.org page, it sounds like Linux VServer is completely different from what Hans/Namesys is trying to

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Hans Reiser
Hubert Chan wrote: Christian == Christian Mayrhuber [EMAIL PROTECTED] writes: Christian Linux VServer might be a project that already tries to Christian accomplish this task. After poking around the linux-veserver.org page, it sounds like Linux VServer is completely different from

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Christian Mayrhuber
On Monday 02 August 2004 19:29, Hubert Chan wrote: Christian == Christian Mayrhuber [EMAIL PROTECTED] writes: Christian Linux VServer might be a project that already tries to Christian accomplish this task. After poking around the linux-veserver.org page, it sounds like Linux VServer is

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Hans Reiser
Christian Mayrhuber wrote: On Monday 02 August 2004 19:29, Hubert Chan wrote: Christian == Christian Mayrhuber [EMAIL PROTECTED] writes: Christian Linux VServer might be a project that already tries to Christian accomplish this task. After poking around the linux-veserver.org

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread David Greaves
Hubert Chan wrote: |Christian == Christian Mayrhuber [EMAIL PROTECTED] writes: | | | Christian Linux VServer might be a project that already tries to | Christian accomplish this task. | | After poking around the linux-veserver.org page, it sounds like

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Hubert Chan
David == David Greaves [EMAIL PROTECTED] writes: David It sounds like running exe's setgid (or addgid?) and then having acls. David But then the acls are not tied to the file objects, more appended David to the file acl list by 'pattern' according to the exe. Possibly. But, from my

Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

2004-08-02 Thread Matt Stegman
It sounds closer to trustees than ACLs - permissions applied higher in the tree apply to lower objects by default, unless inheritance is explicitly denied. Except this is done per process, not per user/group. (Presumably, other processes would not be able to see what a process' view is). Now,