viewprinting processes and process oriented permissions got funded by DARPA

viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

[-- Attachment #1: Type: text/plain, Size: 120 bytes --]

Details are attached (we discussed it on this list a bit in January, 
thanks for feedback you gave then....)

-- 
Hans


[-- Attachment #2: viewprinting.html --]
[-- Type: text/html, Size: 18423 bytes --]

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Andi Kleen]

Amazing. You managed to write all this without ever mentioning
that linux 2.6 already has per process name spaces (=views) in
form of CLONE_NS.

-Andi

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Andi Kleen wrote:

>Amazing. You managed to write all this without ever mentioning
>that linux 2.6 already has per process name spaces (=views) in
>form of CLONE_NS.
>
>-Andi
>
>
>
>  
>
Can you specify exclude *.c in them?  I think that your =views is a 
simplistic statement.

-- 
Hans

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Andi Kleen]

On Tue, Apr 13, 2004 at 06:25:33PM -0700, Hans Reiser wrote:
> Andi Kleen wrote:
> 
> >Amazing. You managed to write all this without ever mentioning
> >that linux 2.6 already has per process name spaces (=views) in
> >form of CLONE_NS.
> >
> >-Andi
> Can you specify exclude *.c in them?  I think that your =views is a 
> simplistic statement.

You can add any files/directories you want (mount --bind). Excluding
is not directly supported. 
 
Doing it by directories is more natural though as it works with mount 
points. Basically it mirrors the plan9 implementation and in
plan9 it is extensively used. I don't know of any uses in Linux
so far, but the infrastructure is there in the kernel.

I don't doubt that your proposal is more powerful (and more complicated
and vapour right now), but I think you should mention prior work
in linux and plan9 before discussing clearcase at least.

-Andi

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Andi Kleen wrote:

>On Tue, Apr 13, 2004 at 06:25:33PM -0700, Hans Reiser wrote:
>  
>
>>Andi Kleen wrote:
>>
>>    
>>
>>>Amazing. You managed to write all this without ever mentioning
>>>that linux 2.6 already has per process name spaces (=views) in
>>>form of CLONE_NS.
>>>
>>>-Andi
>>>      
>>>
>>Can you specify exclude *.c in them?  I think that your =views is a 
>>simplistic statement.
>>    
>>
>
>You can add any files/directories you want (mount --bind). Excluding
>is not directly supported. 
> 
>Doing it by directories is more natural though as it works with mount 
>points. Basically it mirrors the plan9 implementation and in
>plan9 it is extensively used. I don't know of any uses in Linux
>so far, but the infrastructure is there in the kernel.
>
>I don't doubt that your proposal is more powerful (and more complicated
>and vapour right now), but I think you should mention prior work
>in linux and plan9 before discussing clearcase at least.
>
>-Andi
>
>
>
>  
>
Clearcase is the most powerful instantiation of those ideas in 
filesystems, and predates plan 9 (it originated with Apollo).  I think 
that it is the appropriate reference academically.  Just because it is a 
piece of shit in its implementation details does not prevent it from 
standing head and shoulders above the rest of the field in its 
functionality.

I am still thinking through how we will implement views in Reiser4.  It 
needs to be efficient and scalable to large numbers of bindings.  I need 
to go reading through the per process name space code: I don't know if 
it will, for instance, scale to a thousand specifications.  Clearcase 
probably also would not.

I am thinking about whether we should exclude names before searching the 
FS for matches, or after.  I think before, but it needs a lot of thought.

-- 
Hans

Re: viewprinting processes and process oriented permissions got funded

[mjt]

Hans Reiser wrote:

>I am still thinking through how we will implement views in Reiser4.

A question of grace, again, if you please.

Does the current plugin architecture allow views to be implemented
directly or will it affect the on-disk layout in a manner which
requires mkfs?

I'm fairly certain that it should not require mkfs, but as something
of the local Reiser4 advocate I just want to make sure :)

BTW, the READ.ME for 2004.04.26:
d. readdir() over NFS has known problems.

I think I may be something of a successful advocate; a friend is considering
Reiser4 for his RAIDed NFS file server, because it needs an overhaul.

Although it's not a production system, I think his input on possible
failures would be welcome and of course some stability (no need to mkfs
a big-assed system) on the filesystem's part would be good to guarantee.

So, basically, have you decided on when the next snapshot is due
with NFS issues fixed? ;)

Thanks!

-- 
mjt

Re: viewprinting processes and process oriented permissions got funded

[Hans Reiser]

Markus Törnqvist wrote:

>Hans Reiser wrote:
>
>  
>
>>I am still thinking through how we will implement views in Reiser4.
>>    
>>
>
>A question of grace, again, if you please.
>
>Does the current plugin architecture allow views to be implemented
>directly or will it affect the on-disk layout in a manner which
>requires mkfs?
>
>I'm fairly certain that it should not require mkfs, but as something
>of the local Reiser4 advocate I just want to make sure :)
>
>BTW, the READ.ME for 2004.04.26:
>d. readdir() over NFS has known problems.
>
>I think I may be something of a successful advocate; a friend is considering
>Reiser4 for his RAIDed NFS file server, because it needs an overhaul.
>
>Although it's not a production system, I think his input on possible
>failures would be welcome and of course some stability (no need to mkfs
>a big-assed system) on the filesystem's part would be good to guarantee.
>
>So, basically, have you decided on when the next snapshot is due
>with NFS issues fixed? ;)
>
>Thanks!
>
>  
>
nikita is the one to ask about NFS.

any infrastructure required by views will be handled by creating new 
plugins, and won't require mkfs.  that is why we made the effort to 
create new plugins.

-- 
Hans

Re: viewprinting processes and process oriented permissions got funded

[Hans Reiser]

^new^infrastructure for

-- 
Hans

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Alexander Lyamin]

Wed, Apr 14, 2004 at 04:22:48AM +0200, Andi Kleen wrote:
> On Tue, Apr 13, 2004 at 06:25:33PM -0700, Hans Reiser wrote:
> > Andi Kleen wrote:
> > 
> > >Amazing. You managed to write all this without ever mentioning
> > >that linux 2.6 already has per process name spaces (=views) in
> > >form of CLONE_NS.
> > >
> > >-Andi
> > Can you specify exclude *.c in them?  I think that your =views is a 
> > simplistic statement.
> 
> You can add any files/directories you want (mount --bind). Excluding
> is not directly supported. 
>  
> Doing it by directories is more natural though as it works with mount 
> points. Basically it mirrors the plan9 implementation and in
> plan9 it is extensively used. I don't know of any uses in Linux
> so far, but the infrastructure is there in the kernel.

"prior work" is bold declaration.
idea is trivial. admit it. yet implementation is tricky.
especially implementation that would not kill perfomance/usability.


... there is nice english word "reinventing".

> I don't doubt that your proposal is more powerful (and more complicated
> and vapour right now), but I think you should mention prior work
theres two kinds of vapour.
just vapour and vapour with underlying infrastructure.
sounds just same, but really different.

> in linux and plan9 before discussing clearcase at least.

n.b. just my private oppinion.
-- 
"the liberation loophole will make it clear.."
lex lyamin

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Andi Kleen]

> especially implementation that would not kill perfomance/usability.

Linux already has such an implementation, even when Hans choses
to ignore the already existing namespace infrastructure (similar to the 
metas vs xattr incident). I guess it would not have made as pretty slides. 

-Andi

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Alexander Lyamin]

Wed, Apr 14, 2004 at 02:53:40PM +0200, Andi Kleen wrote:
> > especially implementation that would not kill perfomance/usability.
> 
> Linux already has such an implementation, even when Hans choses
> to ignore the already existing namespace infrastructure (similar to the 
> metas vs xattr incident). I guess it would not have made as pretty slides. 

than if its that comfy, i'm just stupid that i dont use it in my day-to-day life.
and i'll tell you what - there's a lots of distro's (even hatted ones) that may benefit
from that feature but dont using it.

people are so inert sometimes.
got me ? ;)

> -Andi

-- 
"the liberation loophole will make it clear.."
lex lyamin

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Andi Kleen]

> than if its that comfy, i'm just stupid that i dont use it in my day-to-day life.

Possible. It depends on what you're doing day-to-day.

> and i'll tell you what - there's a lots of distro's (even hatted ones) that may benefit
> from that feature but dont using it.
> 
> people are so inert sometimes.
> got me ? ;)

No, not really. 

You're saying it's useless because it is not widely used yet?

The per process name spaces seem to be not widely used yet, but some 
of the other features of the namespace architecture are (like --bind 
mounts). That's probably because the feature only appeared in 2.6
and is still to new. --bind also took some time to catch on after
it appeared in 2.4. 

Anyways I will shut up on this now and not disturb you further in your
quest of reinventing the wheel.

-Andi

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Alexander Lyamin]

Wed, Apr 14, 2004 at 05:28:04PM +0200, Andi Kleen wrote:
> > than if its that comfy, i'm just stupid that i dont use it in my day-to-day life.
> 
> Possible. It depends on what you're doing day-to-day.
> 
> > and i'll tell you what - there's a lots of distro's (even hatted ones) that may benefit
> > from that feature but dont using it.
> > 
> > people are so inert sometimes.
> > got me ? ;)
> 
> No, not really. 
> 
> You're saying it's useless because it is not widely used yet?
> 
> The per process name spaces seem to be not widely used yet, but some 
> of the other features of the namespace architecture are (like --bind 
> mounts). That's probably because the feature only appeared in 2.6
> and is still to new. --bind also took some time to catch on after
> it appeared in 2.4. 
> 
> Anyways I will shut up on this now and not disturb you further in your
> quest of reinventing the wheel.

thanks.
actually its a quest for holy grail.

-- 
"the liberation loophole will make it clear.."
lex lyamin

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Nikita Danilov]

Alexander Lyamin writes:
 > Wed, Apr 14, 2004 at 05:28:04PM +0200, Andi Kleen wrote:
 > > > than if its that comfy, i'm just stupid that i dont use it in my day-to-day life.
 > > 
 > > Possible. It depends on what you're doing day-to-day.
 > > 
 > > > and i'll tell you what - there's a lots of distro's (even hatted ones) that may benefit
 > > > from that feature but dont using it.
 > > > 
 > > > people are so inert sometimes.
 > > > got me ? ;)
 > > 
 > > No, not really. 
 > > 
 > > You're saying it's useless because it is not widely used yet?
 > > 
 > > The per process name spaces seem to be not widely used yet, but some 
 > > of the other features of the namespace architecture are (like --bind 
 > > mounts). That's probably because the feature only appeared in 2.6
 > > and is still to new. --bind also took some time to catch on after
 > > it appeared in 2.4. 
 > > 
 > > Anyways I will shut up on this now and not disturb you further in your
 > > quest of reinventing the wheel.
 > 
 > thanks.
 > actually its a quest for holy grail.

It's always tempting to point new-fangled Knights of the Round Table to
the fact that historic prototype of their master (King Arthur, that is)
was Atilla the Hun---a man who murdered millions of people and almost
reduced civilization in the West Eurasia to the dust.

An identification of inevitable Aetius (because history in its infinite
wisdom always keeps somebody to meet barbarians with mighty encounter)
is left as an exercise to the curious reader.

 > 
 > -- 
 > "the liberation loophole will make it clear.."
 > lex lyamin

Nikita.

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Rudy L. Zijlstra]

Nikita Danilov wrote:

> > thanks.
> > actually its a quest for holy grail.
>
>It's always tempting to point new-fangled Knights of the Round Table to
>the fact that historic prototype of their master (King Arthur, that is)
>was Atilla the Hun---a man who murdered millions of people and almost
>reduced civilization in the West Eurasia to the dust.
>
>An identification of inevitable Aetius (because history in its infinite
>wisdom always keeps somebody to meet barbarians with mighty encounter)
>is left as an exercise to the curious reader.
>
>
>  
>
See http://myron.sjsu.edu/romeweb/ROMARMY/art13.htm for more information 
on Flavius Aetius, murdered by his own emperor AD 454.
I was surprised by the time. I thought Attila to be earlier.

Rudy

>Nikita.
>  
>

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Is there a URL on King Arthur being Attila?  This doesn't sound right to 
me,;-)  but of course, he who wins gets to speak the oral history....

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Nikita Danilov]

Hans Reiser writes:
 > Is there a URL on King Arthur being Attila?  This doesn't sound right to 
 > me,;-)  but of course, he who wins gets to speak the oral history....

Disgooglexic, eh? :)

http://www.uwo.ca/english/florilegium/vol-xi/ridley.pdf

Nikita.

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Nikita Danilov wrote:

>Hans Reiser writes:
> > Is there a URL on King Arthur being Attila?  This doesn't sound right to 
> > me,;-)  but of course, he who wins gets to speak the oral history....
>
>Disgooglexic, eh? :)
>
>http://www.uwo.ca/english/florilegium/vol-xi/ridley.pdf
>
>Nikita.
>
>
>  
>
Florence Ridley seems to typify the sort of literary analysis that 
dominates western academia, and discredits it in the eyes of many 
including me.

Her style of analysis is far from scientifically rigorous.  She suggests 
that they are one not really because it is reasonable to think that they 
are, but because it is provocative and truth has little import for her kind.

There is a whole cast of literary analysis professors who lack the 
ability to produce literature themselves, and have a love for literature 
that allows them to invent as they please when analyzing it.  Thus they 
love Henry James.

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Nikita Danilov]

Hans Reiser writes:
 > Nikita Danilov wrote:
 > 
 > >Hans Reiser writes:
 > > > Is there a URL on King Arthur being Attila?  This doesn't sound right to 
 > > > me,;-)  but of course, he who wins gets to speak the oral history....
 > >
 > >Disgooglexic, eh? :)
 > >
 > >http://www.uwo.ca/english/florilegium/vol-xi/ridley.pdf
 > >
 > >Nikita.
 > >
 > >
 > >  
 > >
 > Florence Ridley seems to typify the sort of literary analysis that 
 > dominates western academia, and discredits it in the eyes of many 
 > including me.
 > 
 > Her style of analysis is far from scientifically rigorous.  She suggests 
 > that they are one not really because it is reasonable to think that they 
 > are, but because it is provocative and truth has little import for her kind.

At least they don't go as low as to substitute personal attacks for the
critics.

Identity of King Arthur and Attila the Hun is well and widely known. If
you don't like "academia" start by reading "The song of the Niebelungs",
where Attila acts under the name of Atzel/Etzel and is obviously
reminiscent of King Arthur in the character.

 > 
 > There is a whole cast of literary analysis professors who lack the 
 > ability to produce literature themselves, and have a love for literature 
 > that allows them to invent as they please when analyzing it.  Thus they 
 > love Henry James.
 > 

Software Engineering equivalent of this are, presumably, condescending
architects who love Plan9.

 > 

Nikita.

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Hans Reiser wrote:

> Nikita Danilov wrote:
>
>> Hans Reiser writes:
>> > Is there a URL on King Arthur being Attila?  This doesn't sound 
>> right to > me,;-)  but of course, he who wins gets to speak the oral 
>> history....
>>
>> Disgooglexic, eh? :)
>>
>> http://www.uwo.ca/english/florilegium/vol-xi/ridley.pdf
>>
>> Nikita.
>>
>>
>>  
>>
> Florence Ridley seems to typify the sort of literary analysis that 
> dominates western academia, and discredits it in the eyes of many 
> including me.
>
> Her style of analysis is far from scientifically rigorous.  She 
> suggests that they are one not really because it is reasonable to 
> think that they are, but because it is provocative and truth has 
> little import for her kind.
>
> There is a whole cast of literary analysis professors who lack the 
> ability to produce literature themselves, and have a love for 
> literature that allows them to invent as they please when analyzing 
> it.  Thus they love Henry James.
>
>
>
>
Probably I forgot to take Nikita's remark in the good humor it was 
intended.;-)

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Hans Reiser]

Andi Kleen wrote:

>>especially implementation that would not kill perfomance/usability.
>>    
>>
>
>Linux already has such an implementation, even when Hans choses
>to ignore the already existing namespace infrastructure (similar to the 
>metas vs xattr incident). I guess it would not have made as pretty slides. 
>
>-Andi
>
>
>
>  
>
I think you got out on the wrong side of the bed this morning....;-)

-- 
Hans

Re: viewprinting processes and process oriented permissions got funded by DARPA

[David Masover]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't know how relevant this is to the discussion about
filesystem-based security, but one thing I've wanted to do is limit huge
portions of a program in security.  Imagine a browser that let
Javascript play with everything _inside_ the browser, but had to go
through a common interface before it could create files or connect out?
~ At least with the files, it gives a chance to prompt the user.

In general, I like that better than I like parsing out "bad code".  But
I have never seen a method to create something like that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQHyVPngHNmZLgCUhAQKweA/9HzP90oiJCFydU77Ga7sYimfwHzeq3XPM
byTiGWip0ro93ZOxAm/7O5wwCp4DlEZYL7+Su43VVfjeSP5Kz3KwmCN6GjO7BUO+
mZORAGRoe9H0Uk8W5weTQJjhn8KYXpm8R6Ls8wu9AE0xWiLd1gqsukLoekHQjt+Z
JrN6r7ETrXQ5rN1jaYSCC3CWzX8u0HJLmwpdNCcfhMgQ70gSUgmRjcXyIl6+d7Y+
RyzTjMrv6i6sbw8MwHnWH2LLy26NeHt5xdr9V5CTsLEORr2wdBjATxjQC0TzQxpu
yB/cRLDxrtsRkaYhoUUnzFIR5C6EHauPXpbevF7Yl7E4FpJQhBH7jcAbhHztKP0U
+yDZylbj+7cTcZ7Kd9CISDX3QW0Zgl0KSWihCEtMUR/z+QHpYbHfveYZSZioCPoK
kMUmYsg6YHUQKCwrwfrEqZYZJgS3k71/iDdpDQCQBnMW4ZAHd0MWNk4ApsdTp8N3
1sV7UCqXPfMERMjrdeP+P/aH5h3/vCvtEUkquQVqb7C124pxrXD0nL8mhebBMVey
mZFGqwdprUVNLhwkV8iqz2/WMqrnZt8Q2hnZybXU2dtWe77ffGBbQwb1jJgE1OZJ
dK6ET/B0Ppy1gu9Up93Qu1BeGiwo7Jd2cJjjl0av7jM7GmbuxcqxNo5tzPkuWRHI
S3TJpnBStIM=
=d1qP
-----END PGP SIGNATURE-----

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 1028 bytes --]

On Tue, 13 Apr 2004 20:34:54 CDT, David Masover <ninja@slaphack.com>  said:

> I don't know how relevant this is to the discussion about
> filesystem-based security, but one thing I've wanted to do is limit huge
> portions of a program in security.  Imagine a browser that let
> Javascript play with everything _inside_ the browser, but had to go
> through a common interface before it could create files or connect out?
> ~ At least with the files, it gives a chance to prompt the user.

That was the original Java "sandbox" model.  Javascript is a broken
abortion of a scripting language that has a similar name, but no coherent
security model.

> In general, I like that better than I like parsing out "bad code".  But
> I have never seen a method to create something like that.

You might want to look at http://www.nsa.gov/selinux and friends - that's
designed to restrict what a specific program can do.  It's included in Fedora Core
and a number of other distro's test branches.  There's even a policy for 'mozilla' :)



[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: viewprinting processes and process oriented permissions got funded by DARPA

[Narcoleptic Electron]

Hans Reiser wrote: 

> Details are attached (we discussed it on this list a
> bit in January, 
> thanks for feedback you gave then....)

Interesting stuff.  I'll have to read it a couple of
times.

Seems to have a lot of similarities to a true
capability-based system such as EROS
(www.eros-os.org).


______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca