User: Password:
|
|
Subscribe / Log in / New account

Yes. and No. and Yes.

Yes. and No. and Yes.

Posted Jan 17, 2008 16:10 UTC (Thu) by nix (subscriber, #2304)
In reply to: Yes. and No. and Yes. by hummassa
Parent article: State of the unionfs

It occurs to me that this could be used to make fakeroot a lot less ugly internally. It
wouldn't need to mess around transforming paths anymore, just union-mount something writable
over / in a per-process cloned namespace, fake out permissions checks, and Bob's your uncle :)
no harm can be done should the code 'overwrite' /etc/shadow or 'delete' /usr, because trusted
code could inspect the writable union target post-'make install' and transfer only those parts
which look acceptable onto the underlying filesystem(s).


(Log in to post comments)

Yes. and No. and Yes.

Posted Jan 18, 2008 8:59 UTC (Fri) by njs (guest, #40338) [Link]

I thought that the point of fakeroot was that it let you do arbitrary (virtual) chown/chmod's
on files you had just created, not that it let you scribble randomly on the existing
filesystem.

I guess you could have, like, a FUSE filesystem that allowed anyone to do arbitrary
chown/chmod, but could only be mounted nodev nosuid.  That might be safe and effective.  Or
something with containers?


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds