On Thu, 8 Apr 2021 18:12:18 +0200 Rhialto <rhia...@falu.nl> wrote: > I had the same idea in the past, but haven't done anything concrete with > it.
I'd like to give it a try. My big roadblock at the moment is how to add a system call. The only thing search engines are finding appear to be FreeBSD specific; is there a NetBSD guide or a man page for this? > For other things, like UIDs, GIDs, etc it is a bit trickier because you > could get multiple 'namespaces' using the same value and you can't even > prevent it without causing weird failures. For those, you'd need some > mapping layer somewhere to translate between global values and > inside-the-namespace values. There is something like that for stacked > file systems (mount_umap) but that won't be enough. > If kauth is preventing processes from any interaction, why do the UID/GID even matter anymore? Unless processes in different PID namespaces are also sharing the same filesystem. I can't think of a use case for that (Not that there isn't one :) -- Aaron B. <aa...@zadzmo.org>
