Re: [PATCH][CFT] per-process namespaces for Linux

[Marco d'Itri]

On Feb 26, Alexander Viro <[EMAIL PROTECTED]> wrote:

 >There is no way to implement them without credentials' cache. Which needs
 >to be done for many other reasons, but that's a separate patch and
 >separate story. If it's done - no serious penalty involved. However,
 >I doubt that we want a union on / itself. /dev - sure, /bin and /lib -
 >maybe, but /... What for?
What I'd really like to do is remount / somewhere with mount --bind,
mount over it another skeleton file system which hides setuid programs
and some directories and then run a chrooted sshd in the new root.
If I'm not missing something, this would make creation of secure chroot
environments very easy.

 >Tomorrow I'll try to catch Erik and talk with him about that. I'm not sure
 >that I know anyone in Debian Install System Team (oh, boy... somebody sure
Just write to [EMAIL PROTECTED]

-- 
ciao,
Marco

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/