Blaisorblade wrote: > On Sunday 04 March 2007 17:50, Sylvain Beucler wrote: >> On Sat, Mar 03, 2007 at 07:32:46PM +0100, Blaisorblade wrote: >> Hi, >> >> I tested and it works. >> >> Thanks, > > You'll probably also see that -o .. allows bypassing the 'hostfs jail', and > I've just implemented a fix to that. The question is whether this should be > merged. > > Indeed, the root user inside UML can bypass that anyway, if he modifies the > hostfs module, compiles and loads it. If security is at stake then the host admin should use non-modular kernels to prevent such tampering.
> So the host admin really needs to run > UML in a chroot if he needs real security. chroot isn't totally foolproof (see chroot-again issue), but when chrooting + changing user (like compartment does), it should be pretty safe. Antoine ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ User-mode-linux-devel mailing list User-mode-linux-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
