From: Mike Hearn <mike@plan99.net>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] Add a /proc/self/exedir link
Date: Wed, 05 Apr 2006 22:52:37 +0100
Message-ID: <44343C25.2000306@plan99.net>
In-Reply-To: <m1fykr3ggb.fsf@ebiederm.dsl.xmission.com>

> I think if we can fix namespaces you don't have to be root to use
> them that is a superior approach, and will cover more cases.

That would be nice. I assumed they needed root for security reasons
rather than architectural reasons.

> I have concerns about security policy ...

I'm not sure I understand. Only if you run that program, and if you
don't have access to the intermediate directory, how do you run it?

> This means I can not run any of your relocatable executables in
> a chroot environment unless I mount proc.

Why is mounting proc a bad thing? I have never seen a Linux distro that
does not provide proc and many desktop-level things depend on it.

> Given how long we have been without this I doubt many people actually
> care

You could argue the same for any new feature. Writing relocatable
software on UNIX is absolutely standard, except it's done at source
compile time not runtime. That fits with the traditional UNIX culture of
compiling software to install it, but the times they are a changin :)

> I'm not certain the directory of an inode even makes sense, and
> that is what you are asking for us to export.

How so? The code does work, though I guess you could devise a scenario
in which there is a running executable that is not attached to any
directory.

thanks -mike