It is not true that "chroot is insecure on all platforms".

All UNIXoid platforms. There are several ways to break out of a chroot on them.

If you are looking for an alternative, one that works and is actually used around the world, have a look at BSD jails. They provide a more thorough encapsulation than chroot.

BSD jails use chroot AFAIK.

You keep beating on subhurds, but you fail to show how they are relevant in this discussion at all. A subhurd is as relevant here as a second machine, with its own copy of the operating system. Right, a second machine is encapsulated, it can not access the files on the first machine. What's your point?

My point is that a chroot() isn't suitable for us (in the current situation), and we should use something else instead of doing a full rewrite of everything. You are trying to fit the Hurd into POSIX, which is simply the wrong kind of thinking.

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
