Hi, This is the release of linux-user-chroot 2012.2. The major change now is that it makes use of Andy's new PR_SET_NO_NEW_PRIVS. This doesn't close any security hole I'm aware of - our previous use of the MS_NOSUID bind mount over / should work - but, belt and suspenders as they say.
The code: http://git.gnome.org/browse/linux-user-chroot/commit/?id=515c714471d0b5923f6633ef44a2270b23656ee9 As for how linux-user-chroot and PR_SET_NO_NEW_PRIVS relate, see this thread: http://thread.gmane.org/gmane.linux.kernel.lsm/15339 Summary ------- This tool allows regular (non-root) users to call chroot(2), create Linux bind mounts, and use some Linux container features. It's primarily intended for use by build systems. Project information ------------------- There's no web page yet; send patches to Colin Walters <walt...@verbum.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/