One could probably create several fileservers that provide access to the syscalls through the file interface, run them while the system is still in single-user mode, then restrict access to those system calls through the capabilities system. I haven't tried it though, so I can't tell for sure, but, from the looks of it, it is possible.
2011/7/18 Charles Forsyth <fors...@terzarima.net>:
> that's certainly a restriction, but a bigger one is that name spaces
> really come into their own when many, even most, resources are represented
> through the name space, and it makes sense to remap the name space to change
> the actual resources accessed through a name. on Linux, significant things
> are accessed through special system calls and mechanisms, and not through
> its name space.
>
> ---------- Forwarded message ----------
> From: Eugene Gorodinsky <e.gorodin...@gmail.com>
> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
> Date: Mon, 18 Jul 2011 11:32:17 +0300
> Subject: Re: [9fans] novel userspace paradigms introduced by plan 9
> That would be the only problem, yeah.
>
> 2011/7/17 Charles Forsyth <fors...@terzarima.net>:
>>> CLONE_NEWNS?
>>
>> privileged processes only