Subject: Re: Filesystem Capabilities in 2.6?
From: Alan Cox
To: Alexander Viro
Cc: Linus Torvalds, Olaf Dietsche, "Theodore Ts'o", Dax Kelson, Rusty Russell, Linux Kernel Mailing List, davej@suse.de
Date: 03 Nov 2002 16:50:59 +0000
Message-Id: <1036342259.29642.51.camel@irongate.swansea.linux.org.uk>

On Sun, 2002-11-03 at 14:51, Alexander Viro wrote:
> No messing with chroot needed - just a way to irrevertibly turn off the
> ability (for anybody) to do mounts/umounts in a given namespace and ability
> to clone that namespace. Then give them ramfs for root and bind whatever
> you need in there. No breaking out of that, since there is nothing below
> their root where they could break out to...

mkdir foo
chroot foo
cd ../../../..
chroot .

Alan
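Added example, not part of the original message and not kernel code: a simplified Python model of how ".." is resolved against a per-process root. It shows why the four commands above leave a jail that sits inside a larger tree, and what changes when the process cannot call chroot or when the jail root is already the top of the tree. The class and function names, the tuple-based directory tree and the can_chroot flag (standing in for CAP_SYS_CHROOT) are assumptions made for illustration.

```python
# Simplified model of ".." resolution with a per-process root (not kernel code).
# Directories are tuples of components counted from the top of the mount tree:
# () is the top, ("jail",) is /jail, ("jail", "foo") is /jail/foo.

class Proc:
    def __init__(self, root=(), cwd=()):
        self.root = tuple(root)   # where "/" points for this process
        self.cwd = tuple(cwd)     # current working directory
        self.can_chroot = True    # hypothetical stand-in for CAP_SYS_CHROOT

    def _walk(self, path):
        # Absolute paths start at the process root, relative ones at cwd.
        pos = self.root if path.startswith("/") else self.cwd
        for part in filter(None, path.split("/")):
            if part == ".":
                continue
            if part == "..":
                # ".." is ignored only when standing exactly on the process
                # root, or at the top of the tree where nothing lies above.
                if pos != self.root and pos:
                    pos = pos[:-1]
            else:
                pos = pos + (part,)
        return pos

    def chdir(self, path):
        self.cwd = self._walk(path)

    def chroot(self, path):
        if not self.can_chroot:
            raise PermissionError("chroot requires CAP_SYS_CHROOT")
        self.root = self._walk(path)   # cwd is deliberately left untouched

def is_confined(p):
    """True when cwd still lies inside the subtree under the process root."""
    return p.cwd[:len(p.root)] == p.root

def run_sequence(p):
    """The four steps from the message, with mkdir assumed to have succeeded."""
    p.chroot("foo")
    p.chdir("../../../..")
    p.chroot(".")
    return p.root
```

A process whose cwd lies outside its root (is_confined returns False) is the state to look for; on a live Linux system the same comparison can be made between the /proc/PID/root and /proc/PID/cwd links.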