Comment Re:That's neat (Score 1) 87
The vserver project provides a neat way to
have chrooted process with less capabilities
so they can't break out. For example, they can't
use mknod nor write to /proc. In fact, they can't
mount. So even as root with a compiler, you won't
break the chroot (all the tricks have been tested).
http://www.solucorp.qc.ca/miscprj/s_context.hc
have chrooted process with less capabilities
so they can't break out. For example, they can't
use mknod nor write to
mount. So even as root with a compiler, you won't
break the chroot (all the tricks have been tested).
http://www.solucorp.qc.ca/miscprj/s_context.hc
