DragonFly submit List (threaded) for 2005-01
[
Date Prev][Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: jls, jexec support
:On Mon, Jan 31, 2005 at 09:16:59AM -0800, Matthew Dillon wrote:
:> That's one of the major features of the new namecache code. The old
:> namecache code was purely advisory... in fact, VFS's could bypass it
:> (and did). The new namecache code is fully integrated, mandatory,
:> separated from the vnode algorithms, and cannot be bypassed.
:
:Do we still have to mess with the vnode in kern_chroot? Can we use
:the namespace entry of the new root directly for fdp->fd_rdir?
:
:Joerg
I've considered that point several times but for now I think we have
to keep the vnode as a security measure. Otherwise the chroot directory
can be rm -rf'd, a new directory with the same name can be created,
and then the process's chroot will be in a different directory.
In anycase, the issue needs more thought.
-Matt
Matthew Dillon
<dillon@xxxxxxxxxxxxx>
[
Date Prev][Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]