[Isolate-interest] Isolate root jail

Mikolaj Habryn dichro@rcpt.to
Fri, 17 Sep 2004 08:31:58 +1000


On Fri, 2004-09-17 at 07:46, Bernhard Fastenrath wrote:
> My suggestion goes a little further: The isolate should be able to
> chroot(2) itself to a different root filesystem (create a jail
> environment: Want to securely partition VMs? One option is to put 'em
> in Jail.)

Isn't this a little too platform-specific? If this becomes a
specification item you're going to have a hard time delivering compliant
isolates on anything that isn't POSIX or UNIX (which is most of the
world).

If someone is in a position to guarantee that their code will only ever
run on UNIX/POSIX platforms, then they can supply appropriate
sub-classes that will chroot, redirect I/O, pop up useful dialog boxes
or perform whatever additional operations their chosen platform will
support.

m.