On Thu, Feb 9, 2017 at 8:47 AM, Walter Dnes <waltd...@waltdnes.org> wrote:
> On Wed, Feb 08, 2017 at 08:27:41PM -0500, Rich Freeman wrote
>
>> As you can see, there is limited ability for even root to accidentally
>> mess something up. If you bind-mount /dev in a regular chroot
>> (without a hardening technology on top) and something running as root
>> in the chroot tries to write to /dev/sda, then it will have the
>> obvious result. Note that Linux containers are not yet 100% secure so
>> this should be viewed as a protection against accidental damage, not
>> as equivalent to a VM. Non-root processes inside a container are
>> considered to be pretty secure I believe, and I believe root is
>> supposed to be OK if it is running in a container in a separate user
>> namespace (so it is non-root on the host).
>
> If building Pale Moon inside a chroot as a regular user is a security
> issue... then what can I say about doing personal 64-bit Pale Moon
> builds directly on my desktop (*NOT* chrooted) as a regular user???

I was speaking of containers in general, not the concerns specific to building Pale Moon.

--
Rich