Re: Filesystem Capabilities in 2.6?

Alexander Viro (viro@math.psu.edu)
Sun, 3 Nov 2002 11:56:22 -0500 (EST)


On 3 Nov 2002, Alan Cox wrote:

> On Sun, 2002-11-03 at 14:51, Alexander Viro wrote:
> > No messing with chroot needed - just a way to irreversibly turn off the
> > ability (for anybody) to do mounts/umounts in a given namespace and ability
> > to clone that namespace. Then give them ramfs for root and bind whatever
> > you need in there. No breaking out of that, since there is nothing below
> > their root where they could break out to...
>
> mkdir foo
> chroot foo
> cd ../../../..
> chroot .

... will give him nothing, since he is not in a chroot jail to start with.
He has a namespace of his own with his own root filesystem. Which has
several empty directories and nothing else - everything else is bound on
these. He is at his absolute root and can't break out of it - there is
nowhere to break out. So his /foo will be a subdirectory of the root of his
root filesystem. OK, he chroots there. His cwd is still at absolute root
and he can follow .. until he's blue in the face - he will stay where he
started.

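
A toy model of the argument in the reply above, added here as an illustration; it is not code from the message or from the kernel. It assumes a simplified lookup rule in which ".." stops at the process root and at the namespace's absolute root, ignores mount crossings, and uses a constructed /srv/jail layout for the contrasting chroot-jail case.

```c
/* Toy model of ".." lookup and chroot(2); a simplification, not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct dir  { struct dir *parent; const char *name; }; /* parent == NULL: absolute root */
struct proc { struct dir *root, *cwd; };

/* chroot(2) changes only the process root; cwd is left where it was. */
static void do_chroot(struct proc *p, struct dir *d) { p->root = d; }

/* One ".." step: stops at the process root and at the absolute root. */
static void dotdot(struct proc *p)
{
    if (p->cwd == p->root || p->cwd->parent == NULL)
        return;
    p->cwd = p->cwd->parent;
}

/* The quoted sequence: mkdir foo; chroot foo; cd ../../../..; chroot .
 * Returns the directory the process ends up with as its root. */
static struct dir *quoted_sequence(struct proc *p)
{
    struct dir foo = { p->cwd, "foo" };  /* mkdir foo (in cwd) */
    do_chroot(p, &foo);                  /* chroot foo: cwd is now outside the root */
    for (int i = 0; i < 4; i++)
        dotdot(p);                       /* cd ../../../.. */
    do_chroot(p, p->cwd);                /* chroot . (root no longer points at foo) */
    return p->root;
}

/* Case 1 (constructed): chroot jail at /srv/jail on the host filesystem. */
static int jail_escapes(void)
{
    struct dir host = { NULL, "/" }, srv = { &host, "srv" }, jail = { &srv, "jail" };
    struct proc p = { &jail, &jail };
    return quoted_sequence(&p) == &host;  /* 1: root is now the host's / */
}

/* Case 2 (constructed): private namespace whose root is an empty ramfs. */
static int ramfs_root_stays(void)
{
    struct dir ramfs = { NULL, "/" };
    struct proc p = { &ramfs, &ramfs };
    return quoted_sequence(&p) == &ramfs; /* 1: same root as before */
}

int main(void)
{
    printf("chroot jail on host fs: escaped=%d\n", jail_escapes());
    printf("ramfs namespace root: unchanged=%d\n", ramfs_root_stays());
    return 0;
}
```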