On 30/05/2016 11:59, Etienne Champetier wrote:
> Hi John,
>
> 2016-05-30 9:33 GMT+02:00 John Crispin <j...@phrozen.org>:
>>
>> Hi Etienne,
>>
>> why don't we want to do that ?
>
> If you modify the hostname of the router you might want to propagate
> it into the jail, it depends
>
> Please don't merge this patch, I will improve it a bit:
> no -h => no CLONE_NEWUTS
> -h => CLONE_NEWUTS
> -h <newhostname> => CLONE_NEWUTS + sethostname()
>
> CLONE_NEWUTS is not a security feature,
> sethostname() requires CAP_SYS_ADMIN which allows you to escape jail
> (mknod + mount for example)

ok, I'll merge 1-6 and leave 7/7 out. I wondered about this because
there are 3 states (the ones you listed) and the code only handles 2.

    John
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
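
Added example, not part of the original thread and not code from ujail: a C sketch of the three -h states listed above, with sethostname() called during jail setup so that the jailed process itself is never granted CAP_SYS_ADMIN. All type and function names (uts_opt, uts_parse, uts_flags, uts_enter) are hypothetical, and doing the rename before capabilities are dropped is an assumption about how the setup would be ordered.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* declares syscall() and sethostname() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#define CLONE_NEWUTS 0x04000000     /* same value as in <sched.h> */

/* Hypothetical names for this example; not identifiers from ujail. */
enum uts_mode { UTS_SHARED, UTS_PRIVATE, UTS_RENAMED };
struct uts_opt { enum uts_mode mode; const char *name; };

/* h_seen: -h was given; h_arg: its argument, or NULL for a bare -h.
 * Returns -1 for an unusable hostname; the caller should then abort. */
int uts_parse(int h_seen, const char *h_arg, struct uts_opt *o)
{
    o->name = NULL;
    o->mode = h_seen ? UTS_PRIVATE : UTS_SHARED;
    if (!h_seen || !h_arg)
        return 0;                   /* no -h, or -h alone */
    if (!*h_arg || strlen(h_arg) > 64)   /* 64: Linux hostname limit */
        return -1;
    o->mode = UTS_RENAMED;          /* -h <newhostname> */
    o->name = h_arg;
    return 0;
}

int uts_flags(const struct uts_opt *o) { return o->mode == UTS_SHARED ? 0 : CLONE_NEWUTS; }

/* Run during jail setup, while CAP_SYS_ADMIN is still held and before
 * capabilities are dropped: the rename then needs no capability later. */
int uts_enter(const struct uts_opt *o)
{
    int flags = uts_flags(o);
    if (flags && syscall(SYS_unshare, flags) < 0)   /* unshare(2) */
        return -1;
    return o->mode == UTS_RENAMED ? sethostname(o->name, strlen(o->name)) : 0;
}

int main(int argc, char **argv)
{
    struct uts_opt o;
    int h = argc > 1 && !strcmp(argv[1], "-h");
    if (uts_parse(h, h && argc > 2 ? argv[2] : NULL, &o) < 0)
        return 2;
    printf("mode=%d clone_flags=%#x\n", o.mode, (unsigned)uts_flags(&o));
    return 0;
}
```

The program only prints the decision; uts_enter() needs CAP_SYS_ADMIN for the two -h states and is meant to be called from the privileged setup path.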