Re: [PATCH 4/4] Allow unprivileged chroot when safe

From: Jamie Lokier
Date: Tue Jan 17 2012 - 05:15:39 EST


Colin Walters wrote:
> On Sun, 2012-01-15 at 16:37 -0800, Andy Lutomirski wrote:
>
> > Because chroot is an easy way to break out of chroot jail, CAP_SYS_ADMIN
> > is still required if the caller is already chrooted.
>
> This part is pretty gross. It means it won't work for stuff like
> containers (systemd-nspawn etc.) and furthermore
>
> I have plans that involve running OS trees inside a chroot, and this
> would obviously not work for that.

Indeed, I do run many of my machines inside a chroot.
The real filesystem has:

/distro/that
/distro/newer
/distro/this

instead of partitions. I'm chroot'd and fully booted up in
/distro/this, although I can see files in the others and I might run a
few things from them as well.

This isn't "userland chroot", it's the top level of the process tree:
/distro/this/sbin/init. It would be a shame if it behaved differently
just because "it's a chroot".

-- Jamie