"immersive.ex...@gmail.com" <immersive.ex...@gmail.com> writes:
> Thanks! > > So it sounds like you're saying selinux is the only meaningful thing to try? > Or do people ever bother to place qemu in chroot jails?? > > I seem to have gotten the impression that people use qemu-static to do this, > but it appears to be more for offering secured access of a guest folder > to the host OS; > not so much for security... chroot() by itself is not a useful security tool. https://lwn.net/Articles/252794/