Isn't it too restrictive, e.g., not allowing you to create pipes?
On Sat, Jan 3, 2009 at 11:40 PM, Roman V. Shaposhnik <r...@sun.com> wrote:
> On Sat, 2009-01-03 at 17:03 -0500, erik quanstrom wrote:
>> > Did you see the example I provided in the original
>> > email? "rfork m" is *exactly* RFNOMNT. And it doesn't
>> > seem to work for one simple reason: RFNOMNT doesn't
>> > restrict bind(2).
>>
>> these are exceptions. from port/chan.c:
>>
>>	case '#':
>>		nomount = 1;
>>		up->genbuf[0] = '\0';
>>		n = 0;
>>		while(*name != '\0' && (*name != '/' || n < 2)){
>>			if(n >= sizeof(up->genbuf)-1)
>>				error(Efilename);
>>			up->genbuf[n++] = *name++;
>>		}
>>		up->genbuf[n] = '\0';
>>		/*
>>		 * noattach is sandboxing.
>>		 *
>>		 * the OK exceptions are:
>>		 *	| it only gives access to pipes you create
>>		 *	d this process's file descriptors
>>		 *	e this process's environment
>>		 * the iffy exceptions are:
>>		 *	c time and pid, but also cons and consctl
>>		 *	p control of your own processes (and unfortunately
>>		 *	  any others left unprotected)
>>		 */
>>		n = chartorune(&r, up->genbuf+1)+1;
>>		/* actually / is caught by parsing earlier */
>> >>>>	if(utfrune("M", r))
>> >>>>		error(Enoattach);
>> >>>>	if(up->pgrp->noattach && utfrune("|decp", r)==nil)
>>			error(Enoattach);
>>		t = devno(r, 1);
>>		if(t == -1)
>>			error(Ebadsharp);
>>		c = devtab[t]->attach(up->genbuf+n);
>>		break;
>>
>> the first two indicated lines are redundant.
>> i'm not so sure about any of the exceptions.
>
> Two comments:
> 0. First of all, thanks for the code snippet. I'm so used to Plan9
> having as few exceptions as possible and being very well
> documented that I sometimes forget to look for the source.
> 1. This better be documented in the man pages, if you ask me.
>
> And finally, I'd say having these exceptions is a mistake. Unless
> there's a really good reason, they break the paradigm of RFNOMNT
> quite needlessly without even a hint of a benefit.
>
> Anybody disagree?
>
> Thanks,
> Roman.
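
The check in the quoted port/chan.c snippet, modeled as a small user-space C program (an added example, not part of the thread or of the Plan 9 source): it lists which `#` devices stay reachable once noattach is set, `#|` for pipes among them. The function names, result codes and sample device letters are assumptions of this sketch, and only single-byte device letters are handled.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for this model; hypothetical names standing in for the
 * kernel's error(Enoattach) path. */
enum { ATTACH_OK = 0, ATTACH_DENIED = 1, NOT_SHARP = -1 };

/* Apply the two checks from the quoted snippet, in the same order, to a
 * "#x..." name. Simplification: only one-byte device letters are handled,
 * where the kernel decodes a full rune with chartorune(). */
int sharp_policy(const char *name, int noattach)
{
	if (name == NULL || name[0] != '#' || name[1] == '\0')
		return NOT_SHARP;
	char r = name[1];
	if (r == 'M')			/* refused whether or not noattach is set */
		return ATTACH_DENIED;
	if (noattach && strchr("|decp", r) == NULL)
		return ATTACH_DENIED;	/* outside the exception list */
	return ATTACH_OK;		/* the kernel would go on to devno()/attach */
}

/* Copy into out the letters from `letters` that sharp_policy() still
 * accepts; returns how many were kept. out must hold strlen(letters)+1. */
size_t still_reachable(const char *letters, int noattach, char *out)
{
	size_t kept = 0;
	for (; *letters != '\0'; letters++) {
		char name[3] = { '#', *letters, '\0' };
		if (sharp_policy(name, noattach) == ATTACH_OK)
			out[kept++] = *letters;
	}
	out[kept] = '\0';
	return kept;
}

int main(void)
{
	/* Constructed sample: a handful of Plan 9 device letters. */
	const char *sample = "|decpsIlM";
	char out[16];
	still_reachable(sample, 0, out);
	printf("without noattach: %s\n", out);
	still_reachable(sample, 1, out);
	printf("with noattach:    %s\n", out);
	return 0;
}
```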