From: Sam Vilain (sam_at_vilain.net)
Date: Mon 11 Aug 2003 - 16:47:31 BST
Opinion Poll!
let's assume each file and directory carry a tag which
says "this is a file of context N", where N is the context
number of a virtual server.
An idea I just had is to treat it like an extension to the user ID -
eg, if you are using 16 bit user IDs then the context + the uid is the
`system userid' of 32 bits, but with special behaviour (such as
setting a default, meaning `any context', etc) when the context part
is 0 or 1. That way, files are uniquely identifiable between
contexts.
btw, where would you put those extra bits for each inode, is there
room in the ext2/reiser/etc reserved structures? Of course you could
use the top half of the nice shiny 32-bit UIDs in Linux 2.6 :-)
This would mean adding syntax to `chown' and/or `chgrp' to specify a
context name as well as a username (eg, chown root_at_vs1:other_at_vs1
filename).
It could also be a different command, chctx, as suggested elsewhere.
But personally, it looks like ownership to me.
2) if a program of context N encounters a file of
context M, where N != M ...
a) on modify change the file to the new context?
b) do not allow access to files from other contexts
except context zero/one?
c) allow modification while keeping the file
in its 'original' context?
3) consider a program creating a (hard)link to a file
in another context (including zero/one), should ...
a) the file change to the 'new' context?
b) the file keep the old context?
c) this operation be disallowed?
4) consider a program removing a link to a file with
more than one links, should the remaining links ...
a) be still 'owned' by the removing context?
b) be changed to context zero/one?
The behaviour should be exactly as if it were owned by a different
user.
-- Sam Vilain, sam_at_vilain.netC++, where only your friends can access your private parts.