2010/4/12 erik quanstrom <quans...@quanstro.net>: >> 2010/4/12 hiro <23h...@googlemail.com>: >> > I have not the slightest idea about the complexity involved; And I >> > think I misunderstand how much of plan9 is actually running in a >> > sandbox. But what if we wanted to have a working security system for >> > multiple users in 9vx. Would it be - or is it - possible? >> >> Yes, it is possible, but it probably requires writing something to use >> PAM (or whatever authentication mechanism is set up) on the host >> system. I have a few ideas for this. > > iirc, 9vx doesn't have devcap.
It does not. (Yet). > the problem you're addressing can't be addressed well through #Z. > unix systems act differently than plan 9 ones do. there are a host > of locking, etc. questions that #Z doesn't handle either. it would be easier > to use a plan 9 fs (ken fs, cwfs, fossil). then you wouldn't need to > deal with unix authentication. Probably true. However, I'm confident that there are ways to address it -- and still, one of the cool things about 9vx is the local FS access. When I was doing my 9vx autoprovisioner, the instances would start in a chrooted sandbox, which was the best way I could figure to deal with the permissioning issues at that point in time (without lots o hacking). --dho > - erik > >
