Hello Wolfgang,

Wolfgang Rosner [2015-04-12  9:17 +0200]:
> Nevertheless, I still think there is a severe documentation issue.
>
> Everybody using chroot the first time comes with some kind of half complete
> knowledge, stumbling into the expectation "with chroot, everything is jailed
> and safe".

That's not *at all* what chroots are about. "jailed and safe" applies to
containers, not simple chroots; they are merely a different file system
hierarchy, but they completely share the network, process, NSS, and MAC spaces
of the "main" system. So running anything in a chroot is never "jailed".

Are you aware of a particular piece of documentation which is misleading and
should be updated?

> Maybe you could also set policy-rc.d by default in a debootstrapped
> installation?

That might be worth a bug report; it's not appropriate to do that by default
as debootstrap is usually being used for use cases where you *do* want
services to start. But an option to create a suppressing policy-rc.d indeed
sounds nice, and having and documenting it might also increase awareness of
this issue.

Thanks,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
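The "suppressing policy-rc.d" discussed in the message above, as an added example that is not part of the original message and is not debootstrap code. The helper names `install_policy_rcd` and `policy_rcd_denies` are hypothetical; the only interface relied on is that invoke-rc.d runs `/usr/sbin/policy-rc.d` and treats exit status 101 as "action forbidden by policy".

```shell
#!/bin/sh
# Added example: write a deny-all policy-rc.d into a chroot tree so that
# invoke-rc.d refuses to start services while packages are installed there.
# Without it, a daemon started from the chroot is an ordinary host process
# that shares the host's network and process space.

# install_policy_rcd CHROOT_DIR   (hypothetical helper name)
install_policy_rcd() {
    root=$1
    target="$root/usr/sbin/policy-rc.d"

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Refuse to clobber a policy that is already in place (file or symlink).
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "refusing to overwrite existing $target" >&2
        return 3
    fi

    mkdir -p "$root/usr/sbin" || return 1
    cat > "$target" <<'EOF'
#!/bin/sh
# Deny every init script action requested through invoke-rc.d.
exit 101
EOF
    chmod 0755 "$target"
}

# policy_rcd_denies CHROOT_DIR   (hypothetical helper name)
# Succeeds only if the policy file is executable and answers 101 when asked
# the way invoke-rc.d asks: <initscript id> <action>.
policy_rcd_denies() {
    p="$1/usr/sbin/policy-rc.d"
    [ -x "$p" ] || return 1
    rc=0
    "$p" ssh start >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 101 ]
}
```

Only invoke-rc.d consults this file, so it suppresses service starts from maintainer scripts but confines nothing that is run in the chroot by other means.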