On Dec 2, 2008, at 5:36 PM, Dan Cross wrote:
On Tue, Dec 2, 2008 at 7:07 PM, erik quanstrom
<[EMAIL PROTECTED]> wrote:
currently one can prevent external changes to a
namespace by creating a unique ns with rfork.
if /proc/$pid/ns were writable, one would not not
be possible without yet another mechanism.
chmod? I guess it comes back to, "How do you define external." If
you mean another process owned by the same user, then it breaks down
(hello trojan horse).
There are many things that would be *possible* with /proc, some of
them ill advised. For instance, why can't I 'mkdir /proc/n/' and have
it create a new process?
There's an aswer to that given by Ken in the Plan 9 paper:
http://www.cs.bell-labs.com/sys/doc/9.html:
-----------------------------------------------------------------------------------------------------
Nonetheless, it is possible to push the idea of file-based computing
too far.
Converting every resource in the system into a file system is a kind
of metaphor,
and metaphors can be abused. A good example of restraint is/proc,
which is
only a view of a process, not a representation. To run processes, the
usual
fork and exec calls are still necessary, rather than doing something
like
cp /bin/date /proc/clone/mem
------------------------------------------------------------------------------------------------------
Thanks,
Roman.
P.S. I suppose one might argue that it is also an answer to *my*
original
question -- /proc/<id>/ns is just a representation.
