On Sat, 16 May 2020, Aaron B. wrote:
> It also doesn't solve the ultimate issue here, which is isolation: a
> user (in the kernel sense of user, not necessarily a human logged in via
> SSH) in one chroot could run 'ls' or equivalent syscalls and see
> activity inside a different chroot.
Assuming this is a typo, please see the security.curtain=1 sysctl.

For details, read manuals:
security(7)
secmodel_extensions(9)
sysctl(7)