From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mike Waychison Subject: Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project Date: Wed, 25 Aug 2004 17:23:05 -0400 Message-ID: <412D0339.3080601@sun.com> References: <410D96DC.1060405@namesys.com> <20040825205618.GA7992@hockin.org> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: list-help: list-unsubscribe: list-post: Errors-To: flx@namesys.com In-reply-to: <20040825205618.GA7992@hockin.org> List-Id: Content-Type: text/plain; charset="us-ascii" To: Tim Hockin Cc: Rik van Riel , Hans Reiser , LKML , ReiserFS List -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Hockin wrote: > On Wed, Aug 25, 2004 at 04:25:24PM -0400, Rik van Riel wrote: > >>>You can think of this as chroot on steroids. >> >>Sounds like what you want is pretty much the namespace stuff >>that has been in the kernel since the early 2.4 days. >> >>No need to replicate VFS functionality inside the filesystem. > > > When I was at Sun, we talked a lot about this. Mike, does Sun have any > iterest in this? Not that I know of. I believe the functionality Hans is looking for has already been handled by SELinux. What is needed (if it doesn't already exist) is a tool to gather these 'viewprints' automagically. - -- Mike Waychison Sun Microsystems, Inc. 1 (650) 352-5299 voice 1 (416) 202-8336 voice http://www.sun.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: The opinions expressed in this email are held by me, and may not represent the views of Sun Microsystems, Inc. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBLQM4dQs4kOxk3/MRArXMAJ0WTzw8L/vLNO3lYwkCdGJGrzRBKgCcD7l7 w6eSrLFYVHoQ9CiAruQCV9E= =PVV9 -----END PGP SIGNATURE-----