On Tue, 7 Oct 2003, Alex Lyashkov wrote: > On Tuesday 07 October 2003 03:34, Jacques Gelinas wrote:
> > chrootsafe > > > > This is a new system call that unlike chroot, can't be escaped. > why don`t use private namespace ? Good question. Using CLONE_NEWNS followed by a recursive bind mount to hide everything else would be so much better than adding a new syscall. Rik -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan
