> The problem with this is its nontrivial to set up all the rules. Being
> able to use namespaces to revoke rights is a big help. If we were to add
> a capability for 'getting out of chroot' then we can also combine it
> with chroot to drop users into an unpriviledged universe from which they
> cannot escape because we took away the chroot stuff and we took away
> rawio and so on
No messing with chroot needed - just a way to irrevertibly turn off the
ability (for anybody) to do mounts/umounts in a given namespace and ability
to clone that namespace. Then give them ramfs for root and bind whatever
you need in there. No breaking out of that, since there is nothing below
their root where they could break out to...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/