http://50.77.162.165/mediawiki/index.php?action=history&feed=atom&title=PlashPlash - Revision history2026-05-02T16:40:08ZRevision history for this page on the wikiMediaWiki 1.15.5-7http://50.77.162.165/mediawiki/index.php?title=Plash&diff=1614&oldid=prevKevin Reid: create for the sake of categorization; copied from http://www.eros-os.org/pipermail/cap-talk/2004-December/002546.html2007-11-02T03:33:14Z<p>create for the sake of categorization; copied from http://www.eros-os.org/pipermail/cap-talk/2004-December/002546.html</p>
<p><b>New page</b></p><div>[http://www.cs.jhu.edu/~seaborn/plash/plash.html Plash] is<br />
a Unix shell which lets you run Unix programs with access only<br />
to the files and directories they need to run. Programs are given<br />
access to files which were passed as command line arguments.<br />
<br />
In order to implement this, the filesystem is virtualised. Each<br />
process can have its own namespace — its own root directory — which<br />
can contain a subset of your files.<br />
<br />
This is implemented by modifying GNU libc and replacing the system<br />
calls that use filenames. For example, <code>open()</code> is changed so that it<br />
sends a message to a file server via a socket. If the request is<br />
successful, the server sends the client a file descriptor via the<br />
socket as a result. Processes are run as the user ‘<code>nobody</code>’, and in a<br />
chroot jail, so that they can't access any files using the usual<br />
system calls, and must go through the file server instead. This<br />
approach doesn't require modifying the kernel at all.<br />
<br />
<br />
<br />
[[Category:Command lines]]</div>Kevin Reid