| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Monday 22 September 2003 05:44 pm, Paul de Vrieze wrote: |
| 5 |
> If there were some way that we can have overlay filesystems supported by |
| 6 |
> the kernel ( readonly mount root, and over that mount a freshly created dir |
| 7 |
> that will be used for all writes instead of the original. For reads though |
| 8 |
> the original filesystem is visible (as long as there is no file with the |
| 9 |
> same name in the writable part)) then it would be quite easy with chroot to |
| 10 |
> "track" changes. I'm not a kernel coder, and I have no idea whether such |
| 11 |
> code allready exists. It should be not too complex either. And also provide |
| 12 |
> some of the "extra security" that was asked by an earlier thread this |
| 13 |
> month. It should also be more foolproof than the sandbox, but relies on the |
| 14 |
> kernel. |
| 15 |
Doesn't the sandbox work by intercepting glibc calls? What I'm proposing is |
| 16 |
intercepting those same calls, changing the filename, and running the actual |
| 17 |
glibc code with the new filename... |
| 18 |
- -- |
| 19 |
Luke-Jr |
| 20 |
Developer, Gentoo Linux |
| 21 |
http://www.gentoo.org/ |
| 22 |
-----BEGIN PGP SIGNATURE----- |
| 23 |
Version: GnuPG v1.2.3 (GNU/Linux) |
| 24 |
|
| 25 |
iD8DBQE/b0BeZl/BHdU+lYMRAlP6AJ0WOOmg5bsRW7/v79fGxl7GUqO8QgCgjgJb |
| 26 |
FOh54f1N1rA5DbEiIFI+KPI= |
| 27 |
=ST0m |
| 28 |
-----END PGP SIGNATURE----- |
| 29 |
|
| 30 |
|
| 31 |
-- |
| 32 |
gentoo-dev@g.o mailing list |
Archives