On Wednesday 08 October 2003 14:59, Rik van Riel wrote:
> On Tue, 7 Oct 2003, Alex Lyashkov wrote:
> > On Tuesday 07 October 2003 03:34, Jacques Gelinas wrote:
> > > chrootsafe
> > >
> > > This is a new system call that unlike chroot, can't be escaped.
> >
> > why not use a private namespace?
>
> Good question. Using CLONE_NEWNS followed by a recursive
> bind mount to hide everything else would be so much better
> than adding a new syscall.
>
Using CLONE_NEWNS causes problems with umount after sys_pivot_root - see Herbert's post in linux-kernel@ - but if you create the namespace manually and change the namespace for the process, the problems are absent.

-- 
With best regards, Alex