GSoC Idea: per-process filesystem namespaces for FreeBSD

Warner Losh imp at
Tue Mar 13 21:43:12 UTC 2018

On Tue, Mar 13, 2018 at 1:55 PM, Kristoffer Eriksson <ske at> wrote:

> On 13 Mar 2018 12:53:18, Theron <theron.tarigo at> wrote:
> > For those unfamiliar with Plan9, here is a rough explanation of the
> > namespace feature: unlike in Unix, where all processes share the same
> > virtual filesystem, each process instead has its own view of the
> > filesystem according to what has been mounted ...
> What if I mount a new /etc with a passwd file where root has no
> password, and then run "su"?
> (How does Plan9 handle that?)

Plan9 handles that by having a daemon that does user authentication. It's
actually more complicated than that, but the machine owner has control over
who can do what. For this to work in FreeBSD, either we'd need to disallow
the 'file' type for passwd, or we'd have to do something sensible with
setuid programs. Well, maybe not 'or' but 'and' since the security of
setuid programs depends on the security of the filesystem.... Plan 9
doesn't have these complications, so it can offer a user malleable
filesystem without security risk.


More information about the freebsd-hackers mailing list