From: Hans Reiser <reiser@namesys.com>
To: Mike Waychison <Michael.Waychison@Sun.COM>
Cc: Kyle Moffett <mrmacman_g4@mac.com>,
Tim Hockin <thockin@hockin.org>,
LKML <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>,
ReiserFS List <reiserfs-list@namesys.com>,
George Beshers <gbeshers@comcast.net>
Subject: Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project
Date: Thu, 26 Aug 2004 00:52:36 -0700 [thread overview]
Message-ID: <412D96C4.3030302@namesys.com> (raw)
In-Reply-To: <412D2BD2.2090408@sun.com>
Mike Waychison wrote:
>
>
> If I understand what Hans is looking to get done, he's asking for
> someone to architect a system where any given process can be restricted
> to seeing/accessing a subset of the namespace (in the sense of "a tree
> of directories/files"). Eg: process Foo is allowed access to write to
> /etc/group, but _not_ allowed access to /etc/shadow, under any
> circumstances && Foo will be run as root. Hell, maybe Foo is never able
> to even _see_ /etc/shadow (making it a true shadow file :).
You are correct, you cannot even see /etc/shadow.
The term mask may be more communicative than view. We are starting to
use the term mask.
>
> Hans, correct me if I misunderstood.
>
> [*] Somebody really should s/struct namespace/struct mounttable/g (or
> even mounttree) on the kernel sources. 'Namespace' isn't very
> descriptive and it leads to confusion :(
>
> --
> Mike Waychison
> Sun Microsystems, Inc.
> 1 (650) 352-5299 voice
> 1 (416) 202-8336 voice
> http://www.sun.com
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> NOTICE: The opinions expressed in this email are held by me,
> and may not represent the views of Sun Microsystems, Inc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
next prev parent reply other threads:[~2004-08-26 7:52 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-02 1:20 Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project Hans Reiser
2004-08-25 20:25 ` Rik van Riel
2004-08-25 20:56 ` Tim Hockin
2004-08-25 21:23 ` Mike Waychison
2004-08-26 6:31 ` Hans Reiser
2004-08-26 13:59 ` Stephen Smalley
2004-08-25 23:19 ` Kyle Moffett
2004-08-26 0:16 ` Mike Waychison
2004-08-26 0:50 ` Kyle Moffett
2004-08-26 1:06 ` Chris Wright
2004-08-26 4:16 ` Kyle Moffett
2004-08-26 4:29 ` viro
2004-08-26 4:52 ` Kyle Moffett
2004-08-26 5:01 ` viro
2004-08-26 0:56 ` Chris Wright
2004-08-26 7:52 ` Hans Reiser [this message]
2004-08-26 8:48 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=412D96C4.3030302@namesys.com \
--to=reiser@namesys.com \
--cc=Michael.Waychison@Sun.COM \
--cc=gbeshers@comcast.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mrmacman_g4@mac.com \
--cc=reiserfs-list@namesys.com \
--cc=riel@redhat.com \
--cc=thockin@hockin.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox