On Tue, Dec 03, 2002 at 02:39:35PM +0000, John Goerzen wrote: > It's much better if it's first been in some other tree for awhile -- > say the ac series. Linus trusts that sort of code more.
I don't think that AC (or any other kernel maintainer) would ever accept the chmod 000 hack to stop chroot escapes. Its just horrid! AC has expressed strong opinions on not modifying the current semantics of chroot to "fix" them too as it breaks current applications. I think that this needs careful thought before vserver goes for the mainline kernel. Perhaps a new system call is needed - one based on the BSD chroot maybe but called something else? -- Nick Craig-Wood [EMAIL PROTECTED]
