Re: [PATCH] private mounts
From: Jamie Lokier
Date: Thu Apr 28 2005 - 14:26:30 EST
Eric Van Hensbergen wrote:
> > Does chroot into /proc/NNN/root cause the chroot'ing process to adopt
> > the namespace of NNN? Looking at the code, I think it does.
>
> I've been thinking about this a bit more...would you even need chroot?
> (wouldn't exposing chroot functionality to a user incur additional
> security risk? I guess it would be okay as long as you were only
> chrooting to one of your other process' roots?)
You don't need to let an ordinary user do chroot.
The login process can do it before it changes uid to the user, the
same as it does to set up all the other per-user parameters.
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/