> The other thought that comes to mind is to consider something
> like class based queuing (from the networking world). That
> is, allow choice of different allocation/scheduling/resource
> use policies and allow further subdivision.

As with jail, this is also present in FreeBSD, I believe. It's called
'login classes.' Although it's probably not as flexible as you'd want it to
be.

--On Thursday, April 16, 2009 7:07 PM -0700 Bakul Shah
<[email protected]> wrote:

> On Thu, 16 Apr 2009 21:25:06 EDT "Devon H. O'Dell"
> <[email protected]> wrote:
> > That said, I don't disagree. Perhaps Plan 9's environment hasn't been
> > assumed to contain malicious users. Which brings up the question: Can
> > Plan 9 be safely run in a potentially malicious environment? Based on
> > this argument, no, it cannot. Since I want to run Plan 9 in this sort
> > of environment (and thus move away from that assumption), I want to
> > address these problems, and I kind of feel like it's weird to be
> > essentially told, ``Don't do that.''
>
> Why not give each user a virtual plan9? Not like vmware/qemu
> but more like FreeBSD's jail(8), "done more elegantly"[TM]!
> To deal with potentially malicious users you can virtualize
> resources, backed by limited/configurable real resources.
>
> The other thought that comes to mind is to consider something
> like class based queuing (from the networking world). That
> is, allow choice of different allocation/scheduling/resource
> use policies and allow further subdivision. Then you can give
> preferential treatment to known good guys. Other users can
> still experiment to their heart's content within the
> resources allowed them.
>
> My point being think of a consistent high level model that
> you like and then worry about implementation details.
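
Added example, not part of either poster's message and not Plan 9 or FreeBSD code: a C sketch of the subdividable resource classes suggested in the thread, where a charge must fit within the class and every ancestor, so an untrusted user's class can never take more than the real resource backing it. `Rclass`, `rcharge`, `runcharge` and the sample tree are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical resource class: one node in a tree of limits. */
typedef struct Rclass Rclass;
struct Rclass {
	Rclass *parent;	/* NULL at the root, i.e. the real resource */
	long limit;	/* most units this class and its subclasses may hold */
	long used;	/* units charged here, subclasses included */
};

/* Constructed sample tree: machine -> trusted, guests -> guest1, guest2.
 * guest1 + guest2 limits exceed guests on purpose: the parent still caps them. */
static Rclass machine = {NULL, 1000, 0};
static Rclass trusted = {&machine, 700, 0};
static Rclass guests = {&machine, 300, 0};
static Rclass guest1 = {&guests, 200, 0};
static Rclass guest2 = {&guests, 200, 0};

/* Charge n units to c and all ancestors, all or nothing.
 * Returns 0 on success, -1 if any level would exceed its limit. */
int rcharge(Rclass *c, long n)
{
	Rclass *p;

	if(n < 0)
		return -1;
	for(p = c; p != NULL; p = p->parent)
		if(n > p->limit - p->used)	/* avoids overflow in used + n */
			return -1;
	for(p = c; p != NULL; p = p->parent)
		p->used += n;
	return 0;
}

/* Return n units from c and all ancestors, clamping at zero. */
void runcharge(Rclass *c, long n)
{
	Rclass *p;

	if(n < 0)
		return;
	for(p = c; p != NULL; p = p->parent)
		p->used = n > p->used ? 0 : p->used - n;
}

int main(void)
{
	printf("guest1 takes 200: %d\n", rcharge(&guest1, 200));
	printf("guest2 takes 150: %d\n", rcharge(&guest2, 150));
	printf("trusted takes 700: %d\n", rcharge(&trusted, 700));
	return 0;
}
```

The check pass runs before any counter is touched, so a refused request leaves no partial charge behind at any level.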