Rich Freeman <ri...@gentoo.org> writes:
> If you have util-linux installed then try running (as any user - you
> don't have to be root): unshare -i -m -n -p -u -C -f --mount-proc -U
> -r /bin/bash
>
> Congrats. You are now root in a container. You're in the same root
> filesystem as always. You'll note that you can't actually see
> anything that you couldn't see before. If you run ps -ea you'll see
> that you're the only process running on the system. Devices like
> /dev/sda aren't actually accessible. A lot of container managers
> would mount a new /dev and just hide most of that stuff. You can
> probably imagine how something like this could be useful for isolating
> processes.
Just a side note, this seems to be the ultimate sandbox we (Gentoo and portage) are after. With this, we might even be able to have portage fully functional: a build is completely determined and only determined by the dependencies and USE flags.
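As an added example (not part of either message above), the script below runs the same unshare(1) invocation Rich describes and checks the three observable effects from inside the new namespaces: the mapped uid is 0, the shell is PID 1 of its own pid namespace, and the freshly mounted /proc lists only a handful of processes instead of the host's. It assumes util-linux's unshare is installed and that the kernel permits unprivileged user namespaces; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Runs the unshare
# command quoted above and inspects what the sandboxed shell can see.
# Assumes: util-linux unshare, a kernel that allows unprivileged user
# namespaces, and a ps(1) that reads /proc (procps or busybox).

# Create new ipc/mount/net/pid/uts/cgroup/user namespaces, map the
# caller to uid 0 inside them, and print three lines from inside:
# the effective uid, the shell's own pid, and the number of processes
# visible through the newly mounted /proc.
inspect_namespaces() {
    unshare -i -m -n -p -u -C -f --mount-proc -U -r \
        /bin/sh -c 'id -u; echo $$; ps -e | tail -n +2 | wc -l' 2>/dev/null
}

# Interpret the three numbers.
#   0 - isolation behaves as described (uid 0, pid 1, few processes)
#   1 - namespaces were created but something looked wrong
#   2 - the kernel or container runtime refused to create the
#       namespaces (e.g. unprivileged userns disabled, seccomp
#       blocking unshare, or unshare not installed)
check_isolation() {
    out=$(inspect_namespaces) || return 2
    uid=$(printf '%s\n' "$out" | sed -n 1p)
    pid=$(printf '%s\n' "$out" | sed -n 2p)
    nproc=$(printf '%s\n' "$out" | sed -n 3p)
    # -r maps the unprivileged caller to root inside the user namespace
    [ "$uid" = "0" ] || return 1
    # -p -f makes the forked child the first process of the pid namespace
    [ "$pid" = "1" ] || return 1
    # --mount-proc hides the host's processes: only sh, ps, tail and wc
    # should be listed, not the full host process table
    [ -n "$nproc" ] && [ "$nproc" -le 5 ] || return 1
    return 0
}

# Stand-alone usage: report the outcome in words.
case "$(check_isolation; echo $?)" in
    0) echo "isolated: uid 0, pid 1, host processes hidden" ;;
    2) echo "could not create namespaces on this system" ;;
    *) echo "namespaces created but isolation looked incomplete" ;;
esac
```

Running this as an ordinary user on a typical desktop kernel prints the first line; inside a Docker container with the default seccomp profile, or on a distribution that disables unprivileged user namespaces, it prints the second, which is itself a useful check before relying on this kind of sandbox for builds.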