Marcus Brinkmann wrote:
On Tue, May 21, 2002 at 10:33:09AM -0400, Nathan Hawkins wrote:Jails are kind of like the translators. They're a kernel-specifc (or whatever the Hurd is supposed to be) add-on.
[stuff deleted]
A jail is not anything like a translator, but a translator can be like a jail. You would start the translator that would provide a filesystem like a jail provides. And then you would set your root directory to be that of the filesystem provided by this translator. And then you can exec the programyou want to be in the jail. However, this would only cover the chroot part. For example, to restrict which processes it can see and control, you need towrite a new process server, and make that process be the one used by the program you exec. That would cover the process part. Other things that are restricted in a way had to be implemented by proxy'ing more Hurd server components.
And you've helpfully missed my point. Let me try again:There are things which must be expected of all systems that want to be Debian, and things which are not. Jails, translators, Linux emulation, and similar features are in the second category. Pipes, filesystems, TCP/IP support, etc. are in the first. This is just common sense.
The assertion we disagree on is probably that IP filtering is a necessary part of a _complete_ TCP/IP implementation.
---Nathan -- To UNSUBSCRIBE, email to debian-hurd-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org