Unionfs etc Re: Packaging

Chris Pressey cpressey at catseye.mine.nu
Fri Mar 12 14:40:05 PST 2004


On Fri, 12 Mar 2004 22:25:56 +0100
Joerg Sonnenberger <joerg at xxxxxxxxxxxxxxxxx> wrote:

> On Fri, Mar 12, 2004 at 03:16:26PM -0800, James Frazer wrote:
> > So what I'm getting at here is I think the file system 'view' should
> > be more dynamic, and based upon who is using the OS (maybe depending
> > on different user classes).  Regular users obviously do not need
> > access to OS files, and should never know they even exist.  Sys
> > Admins would have a different view, and the OS developer would have
> > another view as well. 
> >  Maybe this could be thought of as 'blackboxing' the system.
> 
> No. This is wrong. You can use views to restrict users to view only
> programs they want to use, the needed shared libraries and some
> devices. But you can't enforce an even stricter view (e.g. only the
> documents) since the applications just won't work anymore.

Surely it would be *possible* (I'm not suggesting that it is *desirable*
though) with enough fine-grained VFS Voodoo...

Have certain files only executable by the user - they can't read them,
write them, or see them in directory listings.  Unless there's an icon
or something that references them, they don't even know they exist.

Have other files (like config files) visible only to certain programs. 
So the user can't open .foorc with ee, but when they run foo, it can
read .foorc.

Probably a lot of work, granted, but I can't (at the moment) see a hard
technical reason for why it'd be flat-out impossible.

-Chris





More information about the Kernel mailing list