|
|
|
|
|
|
by vezzy-fnord
4175 days ago
|
|
|
Role-based and other access control mechanisms unfortunately come off all too frequently as bolted on and arcane hacks. The real issue lies in the fact that the file system resides in a global namespace, when it shouldn't. Much like each process has its own environment variables, so should it have its own namespace. Linux does support so-called "mount namespaces" now, but once again they're not inherent parts of the system, but have to be tacked on through explicit unshares, and thus lose the cohesiveness of platforms such as Plan 9. [1] [1] http://doc.cat-v.org/plan_9/4th_edition/papers/names |
|
|