*sneeze*
Yeah, it is perhaps quite possible for a uid-0 process to get out of the chroot, which is why a chroot must be properly configured in the first place, having just the bare metal to run the allowed apps per the site's policy. Again, a good /etc/sudoers can help. I also hear on the grapevine that there's a fakeroot-aware sudo in the works too...
Hmm.. uh, sorry. IT IS VERY POSSIBLE for a uid0 process to leak out of a chroot environment. After all, it is uid0. That's why on one operating system, as soon as chroot() is called, the privilege separates and drops from uid0 to user.
As for the nowhere-land bits, I have to agree with you, my bad :/ I'm used to building chroots within chroots within chroots (or, more precisely, pbuilder in dchroot in dchroot)... don't ask me why ;P
*cough* chroot/chroot/chroot = redundantly funny.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
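The thread's point, that a process still running as uid 0 is not contained by chroot() and should give up root right after the call, is sketched below as an added example; it is not code from anyone in the thread. The function name, the step codes and the command-line usage are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `jail`, then permanently give up uid 0.
 * Returns 0 on success, or a negative step number identifying what failed.
 * Order matters: chroot() needs root, so it comes first; the group IDs are
 * dropped before the user ID because setgid() stops working once uid 0 is gone. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)    return -6;  /* refuse to "drop" to root */
    if (chroot(jail) != 0)       return -1;
    if (chdir("/") != 0)         return -2;  /* cwd must be inside the new root */
    if (setgroups(0, NULL) != 0) return -3;  /* clear supplementary groups */
    if (setgid(gid) != 0)        return -4;
    if (setuid(uid) != 0)        return -5;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || geteuid() == 0) return -7;
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumed usage: ./confine <jail-dir> <uid> <gid>, started as root. */
    if (argc != 4) { fprintf(stderr, "usage: %s jail uid gid\n", argv[0]); return 2; }
    int rc = confine_and_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (rc != 0) { fprintf(stderr, "confinement failed at step %d\n", -rc); return 1; }
    printf("confined: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Any work that needs root (binding a low port, opening a log file outside the jail) has to be done before this call, since nothing can get those rights back afterwards.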

