|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2021-03-15 17:38:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Unprivileged chroot()
It is probably fair to say that most Linux developers never end up using chroot()
in an application. This system call puts the calling process into a new
view of the filesystem, with the passed-in directory as the root
directory. It can be used to isolate a process from the bulk of the
filesystem, though its security benefits are somewhat limited. Calling
chroot() is a privileged operation but, if Mickaël Salaün has his
way with this patch
set, that will not be true for much longer, in some situations at
least.
It is probably fair to say that most Linux developers never end up using chroot()
in an application. This system call puts the calling process into a new
view of the filesystem, with the passed-in directory as the root
directory. It can be used to isolate a process from the bulk of the
filesystem, though its security benefits are somewhat limited. Calling
chroot() is a privileged operation but, if Mickaël Salaün has his
way with this patch
set, that will not be true for much longer, in some situations at
least.
