--C1iGAkRnbeBonpVg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 28, 2005 at 04:01:56PM -0400, Steven M. Bellovin wrote:
> In message <D8F0C8E3-2698-4AF9-9DEF-85B68C6C54C5@shagadelic.org>, Jason T=
horpe=20
> writes:
> >
> >And you will still be able to do that.  Who says the devfs can't be =20
> >mounted read-only?  Who says "nodev" won't continue to work on =20
> >regular file systems?  No one has made any such claim.
> >
>=20
> Will it still be possible to create devices inodes by major/minor=20
> number?

Well, we don't have an implementation, but my thought is "no." This may=20
not work out, though...

> I was wondering about a chrooted application -- it needs some devices
> (/dev/null is the obvious example), but I would not want it to have all=
=20
> of devfs.  (I also want to ensure that it can't mount it....)

My thought about that was to permit a second (or more) devfs mount, and=20
use them for chroot environments. And they would only get a subset of=20
devices. And even if the main devfs could gain nodes after boot, they=20
could well not (and probably shouldn't).

But we don't yet have an implementation and we don't have experience with=
=20
it. :-)

Take care,

Bill

--C1iGAkRnbeBonpVg
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFDYrcwWz+3JHUci9cRAtdZAKCXce0HS63jHnSFHHtS3OQmwQI85gCcCSFM
WtWFSS1C6jGecSW2Y1V1ND4=
=wkn4
-----END PGP SIGNATURE-----

--C1iGAkRnbeBonpVg--