cvs commit: src/usr.bin/killall killall.1 killall.c
src/usr.sbin Makefile src/usr.sbin/jail jail.8 jail.c
src/usr.sbin/jexec Makefile jexec.8 jexec.c src/usr.sbin/jls
Makefile jls.8 jls.c
Robert Watson
rwatson at FreeBSD.org
Wed Apr 9 16:48:43 PDT 2003
On Wed, 9 Apr 2003, Nate Lawson wrote:
> On Wed, 9 Apr 2003, Alfred Perlstein wrote:
> > * Robert Watson <rwatson at FreeBSD.org> [030409 16:24] wrote:
> > >
> > > On Thu, 10 Apr 2003, Pawel Jakub Dawidek wrote:
> > > >
> > > > And there can't be names spoofing. (If, ofcourse '.' is invalid char in
> > > > jail name:)).
> > >
> > > Sounds reasonable to me, although a bit more trouble to parse and render
> > > :-).
> >
> > And what kind of path seperator is '.'?
>
> Exactly. What you're describing would be better implemented as a
> pseudo-fs layer. In fact, that would remove the need for separate j*
> utilities.
I thought we were trying to get away from synthetic file systems with
terrible security properties. In fact, we specifically toasted procfs
because it behaved so badly; kernfs went down the tubes because the
semantic match was very poor, and sysctl is in.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the cvs-src
mailing list