On 15/03/2021 22:17, Kees Cook wrote:
> On Thu, Mar 11, 2021 at 11:52:42AM +0100, Mickaël Salaün wrote:
>> [...]
>> This change may not impact systems relying on other permission models
>> than POSIX capabilities (e.g. Tomoyo). Being able to use chroot(2) on
>> such systems may require to update
On Thu, Mar 11, 2021 at 11:52:42AM +0100, Mickaël Salaün wrote:
> [...]
> This change may not impact systems relying on other permission models
> than POSIX capabilities (e.g. Tomoyo). Being able to use chroot(2) on
> such systems may require to update their security policies.
>
> Only the chroot
From: Mickaël Salaün
Being able to easily change root directories enable to ease some
development workflow and can be used as a tool to strengthen
unprivileged security sandboxes. chroot(2) is not an access-control
mechanism per se, but it can be used to limit the absolute view of the
filesystem
3 matches
Mail list logo