Re: XIP

2010-10-26 Thread Chuck Silvers
On Mon, Oct 25, 2010 at 02:09:43AM +0900, Masao Uebayashi wrote: > I think the uebayasi-xip branch is ready to be merged. hi, here's what I found looking at the current code in the branch: - the biggest issue I had with the version that I reviewed earlier was that it muddled the notion of a

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread David Young
On Tue, Oct 26, 2010 at 01:04:30PM +0200, Jean-Yves Migeon wrote: > > On Mon, 25 Oct 2010 20:13:16 -0500, David Young wrote: > > I've been wondering if the dynamic linker could simulate access to > > the global namespace by supplying alternate system-call stubs. Say > > rtld-elf-cap supplies its

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread Masao Uebayashi
On Mon, Oct 25, 2010 at 08:13:16PM -0500, David Young wrote: > On Fri, Sep 24, 2010 at 02:46:10PM -0500, David Young wrote: > > A couple of weeks ago I read a paper on Capsicum, a > > "lightweight OS capability and sandbox framework," > > . Caps

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread David Young
On Tue, Oct 26, 2010 at 02:33:40PM +0300, Antti Kantee wrote: > On Tue Oct 26 2010 at 13:04:30 +0200, Jean-Yves Migeon wrote: > > > > On Mon, 25 Oct 2010 20:13:16 -0500, David Young wrote: > > > I've been wondering if the dynamic linker could simulate access to > > > the global namespace by suppl

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread David Young
On Tue, Oct 26, 2010 at 06:44:48AM +0300, Jukka Ruohonen wrote: > On Mon, Oct 25, 2010 at 07:28:56PM -0500, David Young wrote: > > The chief difference I see between a process limited by Capsicum and > > a process limited by Systrace is that the Capsicum-limited process > > has only the privileges

Re: XIP

2010-10-26 Thread Masao Uebayashi
> http://uebayasi.dyndns.org/~uebayasi/tmp/bsdcon-2010-xip.pdf http://uebayasi.dyndns.org/~uebayasi/tmp/bsdcan-2010-xip.pdf ^^

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread Antti Kantee
On Tue Oct 26 2010 at 13:04:30 +0200, Jean-Yves Migeon wrote: > > On Mon, 25 Oct 2010 20:13:16 -0500, David Young wrote: > > I've been wondering if the dynamic linker could simulate access to > > the global namespace by supplying alternate system-call stubs. Say > > rtld-elf-cap supplies its own

Re: Capsicum: practical capabilities for UNIX

2010-10-26 Thread Jean-Yves Migeon
On Mon, 25 Oct 2010 20:13:16 -0500, David Young wrote: > I've been wondering if the dynamic linker could simulate access to > the global namespace by supplying alternate system-call stubs. Say > rtld-elf-cap supplies its own open(2) stub, for example, that searches > Capsicum's fdlist for a suit

Re: CVS commit: src/bin/cp

2010-10-26 Thread David Holland
On Mon, Oct 25, 2010 at 05:49:11PM +0100, David Laight wrote: > > No, since in general the file is also being extended (certainly in > > this case it is) it also has to lock the file size, and that's going > > to deny stat() until it's done. > > A stat request during a write can safely return

Re: XIP

2010-10-26 Thread Alan Barrett
On Tue, 26 Oct 2010, Alan Barrett wrote:
> Would memory disks (such as md(4)) also benefit from XIP, or do they
> already do something to avoid having multiple copies of the same data?

Never mind. I see you discuss this in section 11.6 of the paper.

--apb (Alan Barrett)