The conversation about how to handle third-party utilities in the base system is continuing. Most everyone is coming around to the idea of variant symlinks – file links that use a variable to determine destination, with that variable value determined by the rc system.

Matt Dillon added to his earlier plan with a description of the framework for this variable data, using a system MTA as an example:

“So, to begin this discussion lets consider how ‘mtabase’ is dealt with
in the kernel? I’ll throw out a possibility:

* ‘varsym’ structure represents variable, ‘varsymlist’ structure
represents variable set.

* Master varsymlist which is system-wide
* Embed varsymlist in jail
* Embed varsymlist in struct uidinfo (see sys/resourcevar.h)
* Embed varsymlist in struct proc (for local adjustments)
* Make uidinfo per-jail as well as per-uid.
* Resource limit to limit max kernel memory used for a varsymlist
variable set.
* Utilities and system calls to modify varsymlist system-wide,
in jail, for uid in jail, or locally (in proc).

SUID/SGID operation:

* on exec new program does NOT inherit varsymlist from parent
process.
* SGID programs do not inherit varsymlist from uidinfo.

UTILITIES:

* setvarsym, delvarsym, showvarsym, default to local varsym with
options to modify system-wide (true root only), jail (pseudo
root only), or user/uid (root or that user only) copy.”