On Mon, Oct 14, 2013 at 2:58 PM, David Leverton <[email protected]> wrote:
>
> If only someone would invent some sort of kernel feature that could make the
> name "/etc/mtab" refer to different files in different processes....
>

Well, the symlink seems like the simpler solution to be honest. I mean, instead of having the ps command to list running processes you could just have a daemon dump the list in a file every 10 seconds and have programs read it, but...

However, FWIW, linux namespaces cannot be used to have only a single file appear differently to different processes. Mount namespaces can only operate at the directory level.

I was actually looking into using namespaces as an alternative to the sandbox model portage currently uses. Basically you'd look at a package's DEPENDs and build a namespace containing only those files, and now devs don't inadvertently add ebuilds that are missing DEPENDs.

A bit of a tangent, but the sandbox functionality in portage CAN be used to do just this with somewhat little effort. I've just never gotten around to trying it out. By default sandbox is told to give read-access to everything - the sandbox command does restrict both reads and writes already and if that configuration were made dynamic and set by portage per-package it would work just fine. I just figured namespaces would be a more elegant solution (it is also more secure, but security isn't really a concern here).

Rich
