On Thu 15 Nov 2012 at 20:18:56 -0600, David Young wrote:
> Label a file descriptor with the root that was in effect when it was created
> by, say, open(2). The effective root will never change over the
> lifetime of that descriptor.

As devil's advocate: How does this relate to the proposed pivot_root
system call?

[...]
> Maybe we can weaken fexecve()'s requirement on the effective root of z
> to "root(z) must be reachable from the effective root," but I think that
> that might be much more complicated.

I believe such a check is already done inside the chroot(2) call so it
would be doable.

[...]
> Also, enforcing access along "effective roots" lines may be inflexible
> or unwieldy, maybe a more abstract notion of "process coalition" is
> better. Let each new root have a corresponding new coalition, but
> perhaps we should be able to create a new coalition without changing
> root, and change root without changing coalition.

That would make yet another process grouping, confusingly (dis)similar
to process groups, controlling-terminal groups, sessions, (and am I
forgetting more perhaps?)

> Dave

-Olaf.
--
___ Olaf 'Rhialto' Seibert -- There's no point being grown-up if you
\X/ rhialto/at/xs4all.nl   -- can't be childish sometimes. -The 4th Doctor