-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 22 September 2003 05:44 pm, Paul de Vrieze wrote:
> If there were some way that we can have overlay filesystems supported by
> the kernel ( readonly mount root, and over that mount a freshly created dir
> that will be used for all writes instead of the original. For reads though
> the original filesystem is visible (as long as there is no file with the
> same name in the writable part)) then it would be quite easy with chroot to
> "track" changes. I'm not a kernel coder, and I have no idea whether such
> code already exists. It should be not too complex either. And also provide
> some of the "extra security" that was asked by an earlier thread this
> month. It should also be more foolproof than the sandbox, but relies on the
> kernel.
Doesn't the sandbox work by intercepting glibc calls? What I'm proposing is
intercepting those same calls, changing the filename, and running the actual
glibc code with the new filename...
- --
Luke-Jr
Developer, Gentoo Linux
http://www.gentoo.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/b0BeZl/BHdU+lYMRAlP6AJ0WOOmg5bsRW7/v79fGxl7GUqO8QgCgjgJb
FOh54f1N1rA5DbEiIFI+KPI=
=ST0m
-----END PGP SIGNATURE-----

--
gentoo-dev@g.o mailing list
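
The filename change discussed in this message, sketched as an added example that is not code from the thread or from the Gentoo sandbox: it applies the overlay rule from the quoted text (writes go to the writable directory, reads prefer a copy there and otherwise see the original). The names `overlay_resolve`, `has_dotdot` and the `/tmp/overlay` directory are assumptions made for illustration; an intercepting wrapper would pass the resulting name to the real glibc call.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: true if any path component is exactly "..". */
static int has_dotdot(const char *p)
{
    for (const char *s = p; (s = strstr(s, "..")) != NULL; s += 2)
        if ((s == p || s[-1] == '/') && (s[2] == '/' || s[2] == '\0'))
            return 1;
    return 0;
}

/* Hypothetical helper: choose the filename the real glibc open() should get.
 * Writes always land under overlay_root; reads use the overlay copy when one
 * exists and the original file otherwise. Returns 0 on success, -1 on refusal.
 * Not handled here: symlinks, relative paths, creating parent directories,
 * and copying an existing file into the overlay before a partial write. */
int overlay_resolve(const char *overlay_root, const char *path, int flags,
                    char *out, size_t outlen)
{
    if (path[0] != '/' || has_dotdot(path))
        return -1;  /* refuse names that could step outside overlay_root */
    int n = snprintf(out, outlen, "%s%s", overlay_root, path);
    if (n < 0 || (size_t)n >= outlen)
        return -1;  /* redirected name does not fit */
    int writes = (flags & O_ACCMODE) != O_RDONLY ||
                 (flags & (O_CREAT | O_TRUNC)) != 0;
    if (writes || access(out, F_OK) == 0)
        return 0;   /* use the overlay name */
    n = snprintf(out, outlen, "%s", path);  /* read falls through to original */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char out[4096];
    /* Constructed sample: /tmp/overlay is an assumed overlay directory. */
    if (overlay_resolve("/tmp/overlay", "/etc/hostname", O_RDONLY, out, sizeof out) == 0)
        printf("read  -> %s\n", out);
    if (overlay_resolve("/tmp/overlay", "/etc/hostname", O_WRONLY | O_TRUNC, out, sizeof out) == 0)
        printf("write -> %s\n", out);
    return 0;
}
```

Rejecting `..` components matters because the rewrite is plain string concatenation: without it, a name such as `/../etc/passwd` would resolve outside the writable directory.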