On Mon, Oct 14, 2013 at 2:58 PM, David Leverton <levertond@××××××××××.com> wrote:
>
> If only someone would invent some sort of kernel feature that could make the
> name "/etc/mtab" refer to different files in different processes....
>

Well, the symlink seems like the simpler solution to be honest. I mean, instead of having the ps command list running processes you could just have a daemon dump the list in a file every 10 seconds and have programs read it, but...

However, FWIW, Linux namespaces cannot be used to have only a single file appear differently to different processes. Mount namespaces can only operate at the directory level.

I was actually looking into using namespaces as an alternative to the sandbox model portage currently uses. Basically you'd look at a package's DEPENDs and build a namespace containing only those files, and now devs don't inadvertently add ebuilds that are missing DEPENDs.

A bit of a tangent, but the sandbox functionality in portage CAN be used to do just this with somewhat little effort. I've just never gotten around to trying it out. By default sandbox is told to give read-access to everything - the sandbox command does restrict both reads and writes already, and if that configuration were made dynamic and set by portage per-package it would work just fine. I just figured namespaces would be a more elegant solution (it is also more secure, but security isn't really a concern here).

Rich