Subject: Re: replace chroot() with a chroot overlay file system?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 11/03/2005 13:10:22

On Tue, Nov 01, 2005 at 07:49:59PM -0500, Steven M. Bellovin wrote:
> I'm thinking out loud here, so I may easily be confused, but...
>
> What if we replaced the chroot() system call by an overlay file
> system, mounted over some subtree?  The advantage is that that file
> system could be mounted read-only, nosuid, nodev, even noexec.

Two points, stated somewhat facetiously for dramatic effect (or
something):

 * This and some of the follow-up sound a lot like you want (or might
   soon afterwards want) per-process mounts.  While I can think of a
   number of other potentially useful things to do with such an
   animal, "if you want plan9 you know where to find it" :-)

 * Systrace is probably a far more effective way to express the
   permissions you want your overlay to enforce than writing a new
   filesystem each time - and if it's not, perhaps that's where
   improvements should go?

--
Dan.