Very neat!
Ron Minnich and I built something similar: we built private namespaces for
login sessions. Ours have slightly different semantics I think.
To do so we changed mount+chroot into "imount" (i = invisible). This landed
a process in a file system that had no root in the Unix directory tree.
(see the "Private name spaces, PNS" project on SourceForge.
We added another goodie, which was called "memdev". It provided a new block
device from a private, i.e. copy on write, memory mapped block device. See
"memdev" on SourceForge.
We used it as follows:
- when you login, you get imounted into an environment where you have full
priviliges (except mknod). The "/" of your environment is not a directory
in the Unix tree.
- in this environment the system file systems are available to you on a
copy on write private basis.
- any files you change get out over a network file system to a server. We
used InterMezzo backed by a ramfs cache.
When the user logs out, everything is gone, except possibly footprints in
swap.
- Peter J. Braam -
Mountain View Data, Inc.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/