Table of Contents
Plash extends the concept of executables -- which are anything that can be invoked via Unix's execve() call -- so that in addition to executable data files, you can have executable objects. In this case, execve() works by invoking the object via a method call. Executable objects can be attached to the filesystem tree and unmodified Unix programs can call them. Executable objects can be constructed from Unix programs as well.
The executable objects feature allows for fine-grained control over how processes are constituted, in particular their file namespaces.
This is similar to chroot() environments under Linux. chroot() also allows a process's root directory (its file namespace) to be changed. It can be used to run different Linux distributions on the same machine, change the libraries a program dynamically links with, etc. However, Linux has only limited, heavyweight mechanisms for creating file namespaces. Plash's mechanisms are lightweight, flexible, and not restricted to the superuser, and Plash can treat the files that a program receives as arguments separately from its library files and configuration files.