Shaya Potter wrote:
>> Majkls wrote:
>>
>>>> Hello,
>>>> is there a possibility to add a hardened chroot() to the Linux kernel? I have
>>>> a patch and I would like to submit it to linux-kernel. Now chroot can be
>>>> worked around. What do you think about it?
>>
>>
>> I wrote one a few years ago, but there seemed to be no interest in it.
>>
>> My conception was based on the observation that a chroot "point" really
>> only deals with path walking and basically says that at this point ".."
>> is the same as ".". Therefore, all we need is a linked list of "chroot
>> points" and just like the current follow_dotdot() function tests if the
>> current directory is the "root", one can just have it loop through the
>> entire list of chroot points.

Yes, I have a special function which checks if it is in the root. It is also
necessary to fix sys_fchdir.

>>
>> The idea was to enable root processes to run within a chroot
>> environment, and even call chroot().
>>
>> In Linux today, it might be better solved via setting up an alternative
>> namespace.

Yes, but it is not so simple. One patch for chroot is simpler. Why not do it
right, if it is not a problem?

>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>

--
Miloslav "Majkls" Semler
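
The chroot-point list described in the quoted message, as a userspace model added here for illustration (it is not code from either poster's patch and not kernel code). The names `chroot_list`, `add_chroot_point`, `is_chroot_point` and `walk_up`, and the sample paths, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_POINTS 8
#define PATH_LEN   256

/* Hypothetical per-process state: each chroot() appends a point, never replaces. */
struct chroot_list { char point[MAX_POINTS][PATH_LEN]; int count; };

static int add_chroot_point(struct chroot_list *cl, const char *abs_path)
{
    if (cl->count == MAX_POINTS || strlen(abs_path) >= PATH_LEN)
        return -1;
    strcpy(cl->point[cl->count++], abs_path);
    return 0;
}

/* The "is this the root?" test of follow_dotdot(), looped over every
 * recorded chroot point rather than only the current root. */
static int is_chroot_point(const struct chroot_list *cl, const char *cwd)
{
    for (int i = 0; i < cl->count; i++)
        if (strcmp(cl->point[i], cwd) == 0)
            return 1;
    return strcmp(cwd, "/") == 0;          /* the real root always clamps */
}

/* Apply n ".." components to `start` (absolute, normalized path). */
static const char *walk_up(const struct chroot_list *cl, const char *start,
                           int n, char *out)
{
    snprintf(out, PATH_LEN, "%s", start);
    while (n-- > 0 && !is_chroot_point(cl, out)) {  /* ".." == "." at a point */
        char *slash = strrchr(out, '/');
        if (slash == out)
            slash++;                       /* parent is "/": keep the slash */
        *slash = '\0';
    }
    return out;
}

int main(void)
{
    struct chroot_list cl = {0};
    char out[PATH_LEN];
    add_chroot_point(&cl, "/srv/jail");        /* constructed sample paths */
    add_chroot_point(&cl, "/srv/jail/inner");  /* nested chroot() inside the jail */
    printf("%s\n", walk_up(&cl, "/srv/jail/inner/a", 5, out));
    printf("%s\n", walk_up(&cl, "/srv/jail/work", 5, out));
    return 0;
}
```

Because the outer point stays in the list after the nested call, a walk that starts outside the inner point still stops at `/srv/jail`; with only the most recent root recorded, the same walk would reach `/`.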