Usign #X means doing a mount (you are attaching to the root
of the driver's tree).
However, for, drivers with letters |decp
you can always attach to them no matter if RFNOMNT was
used.
Probably it was considered too restrictive not doing so, but that's IMHO.
On Sat, Jan 3, 2009 at 10:56 PM, Roman V. Shaposhnik <r...@sun.com> wrote:
> On Sat, 2009-01-03 at 16:46 -0500, erik quanstrom wrote:
>> > while replying to Nathaniel's post it dawned on
>> > me that something like this:
>> > open("#c/cons", OWRITE|OCEXEC);
>> > completely breaks the paradigm of namespaces.
>> >
>> > IOW, if I wanted to construct a namespace with
>> > a specially crafted server offering /dev/cons,
>> > the above would easily break out of that jail.
>>
>> see RFNOMNT in rfork(2).
>
> Did you see the example I provided in the original
> email? "rfork m" is *exactly* RFNOMNT. And it doesn't
> seem to work for one simple reason: RFNOMNT doesn't
> restrict bind(2).
>
> So the question still stands.
>
> Thanks,
> Roman.
>
>
>
