|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2018-10-04 15:53:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] New AT_ flags for restricting pathname lookup
System calls like openat()
have access to the entire filesystem —
or, at least, that part of the filesystem that exists in the current mount
namespace and which the caller has the
permission to access. There are times, though, when it is desirable to
reduce that access, usually for reasons of security; that has proved to be
especially true in many container use cases. A new patch
set from Aleksa Sarai has revived an old idea: provide a set of
AT_ flags that can be used to control the scope of a given
pathname lookup operation.
System calls like openat()
have access to the entire filesystem —
or, at least, that part of the filesystem that exists in the current mount
namespace and which the caller has the
permission to access. There are times, though, when it is desirable to
reduce that access, usually for reasons of security; that has proved to be
especially true in many container use cases. A new patch
set from Aleksa Sarai has revived an old idea: provide a set of
AT_ flags that can be used to control the scope of a given
pathname lookup operation.
