On Friday 26 September 2003 16:41, Herbert Poetzl wrote: > On Fri, Sep 26, 2003 at 06:25:18AM +0300, Alex Lyashkov wrote: > > > Another problem is that 'vserver XXX enter' can not be used anymore. Or > > > does there exist a way to enter the namespace of foreign processes? > > > Doing the mounts on every 'enter' seems to be expensive on the first > > > glance. > > > > In kernel not have parts for enter to the namaspace of foregin processes > > but add very easy. that sample working code. > > thought about that, but wasn't sure it is > required for 'visiting' processes, which > could do with a 'wrong' namespace ... > > but you are right, this is obviously the > best solution ... Yura Kohut and I test it with available chroot exploits - it`s can`t breakable and correctly do switching to 'new' context.
-- With best regards, Alex
