Source: plash
Section: shells
Priority: optional
Maintainer: Mark Seaborn <mseaborn@onetel.com>
# perl is for plash
# All else in Build-Depends is taken from Debian's glibc package
Build-Depends: perl, gettext (>= 0.10.37-1), make (>= 3.80-1), dpkg-dev (>= 1.4.1.5), debianutils (>= 1.13.1), tar (>= 1.13.11), bzip2, texinfo (>= 4.0), linux-kernel-headers (>= 2.5.999-test7-bk-9) [!hurd-i386], mig (>= 1.3-2) [hurd-i386], hurd-dev (>= 20020608-1) [hurd-i386], gnumach-dev [hurd-i386], texi2html, file, gcc-3.3 [!ia64] | gcc-3.4 [!ia64], gcc-3.3 (>= 1:3.3.5-5) [ia64] | gcc-3.4 (>= 3.4.3-2) [ia64], autoconf, binutils (>= 2.14.90.0.7-5), sed (>= 4.0.5-4), gawk, debhelper (>= 4.1.76)

Package: plash
Architecture: any
Depends: ${shlibs:Depends}
Description: The Principle of Least Authority shell (Plash)
 Plash (the Principle of Least Authority shell) is a replacement Unix
 shell which lets the user run Linux programs with access only to the
 files and directories that they need to run.
 .
 It works by virtualizing the filesystem.  Each process can have its
 own file namespace.
 .
 This implemented in two steps: Firstly, processes are run in a
 chroot() environment under different UIDs, so they can't access files
 using the normal Linux system calls and are isolated from each other.
 Secondly, in order to open files, a process makes requests to a server
 process via a socket; the server can send file descriptors across the
 socket in reply.
 .
 Plash dynamically links programs with a modified version of GNU libc
 so that they can do filesystem operations using this different
 mechanism.
 .
 No kernel modifications are required.  Plash can run Linux binaries
 unmodified, provided they are dynamically linked with libc, which is
 almost always the case.
 .
 In most cases this does not affect performance because the most
 frequently called system calls, such as read() and write(), are not
 affected.
