On Tue, Mar 30, 2021 at 11:03:10PM -0700, Kees Cook wrote: > Regardless, I still endorse this change because it doesn't make things > _worse_, since without this, a compromised process wouldn't need ANY > tricks to escape a chroot because it wouldn't be in one. :) It'd be nice > if there were some way to make future openat() calls be unable to > resolve outside the chroot, but I view that as an enhancement. > > But, as it stands, I think this makes sense and I stand by my > Reviewed-by tag. If Al is too busy to take it, and James would rather > not take VFS, perhaps akpm would carry it? That's where other similar > VFS security work has landed. Frankly, I'm less than fond of that thing, but right now I'm buried under all kinds of crap (->d_revalidate() joy, mostly). I'll post a review, but for now it's very definitely does *not* get an implicit ACK from me.
