[EMAIL PROTECTED] (Rik van Riel) writes:

>> * CLONE_NEWNS + pivot_root require CAP_SYS_ADMIN (which
>>   is not acceptable for vservers); using a new capability for
>>   CLONE_NEWNS seems to be possible, but pivot_root(2) needs
>>   additional logic. Else, when executed in the root namespace,
>>   pivot_root(2) can do really bad things with your system.
>
> Why pivot_root(2) instead of mount --recbind ?
I cannot bind another directory to /dev/root (e.g. after 'mount --bind <chroot> /' I still have the old root directory).

To make secure vserver chroots I would do:

    ... CLONE_NEWNS ...
    # mount [--bind] <chroot> /vservers/<xxx>
    # cd /vservers/<xxx>
    # pivot_root . old_root
    # exec chroot . sh -c "umount old_root; exec /sbin/init" </dev/null >/dev/null
    [from pivot_root(8) manpage]

For security reasons, the last actions should be done in a native binary which is copied from old_root into a newly created tmpfs directory.

Enrico
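The sequence Enrico sketches, written out as the kind of "native binary" he mentions, as an added C example (this is not code from the original post nor from the vserver project). It assumes the chroot directory is passed as argv[1], that /sbin/init exists inside it, and that it runs with CAP_SYS_ADMIN; the function names is_mount_point and pivot_into are chosen here. Two things it makes explicit that the shell sketch leaves implicit: pivot_root(2) refuses a new_root that is not a mount point (hence the bind mount onto itself), and on kernels with shared subtrees the new namespace's tree must be made private first, otherwise the bind and umount propagate back into the parent namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Returns 1 if path is a mount point (or "/" itself), 0 if it is an
 * ordinary directory, -1 on error (errno set).  This is the stat-based
 * test: a mount point sits on a different device than its parent.  A
 * bind mount of a directory onto itself is invisible to this check
 * (same st_dev), which is why pivot_into() relies on mount() succeeding
 * rather than re-checking after the bind. */
int is_mount_point(const char *path)
{
    struct stat self, parent;
    char parent_path[PATH_MAX];

    if (stat(path, &self) != 0)
        return -1;
    if (snprintf(parent_path, sizeof parent_path, "%s/..", path) >= (int)sizeof parent_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (stat(parent_path, &parent) != 0)
        return -1;
    /* different device than parent, or parent is the directory itself ("/") */
    return (self.st_dev != parent.st_dev || self.st_ino == parent.st_ino) ? 1 : 0;
}

/* Performs the post's sequence inside a fresh mount namespace:
 * CLONE_NEWNS, bind new_root onto itself, pivot_root, chroot, umount the
 * old root.  Needs CAP_SYS_ADMIN.  Returns 0 on success, -1 on failure
 * with errno set and *failed_step naming the step that failed. */
int pivot_into(const char *new_root, const char **failed_step)
{
    *failed_step = "unshare(CLONE_NEWNS)";
    if (unshare(CLONE_NEWNS) != 0)
        return -1;

    /* Shared subtrees (kernel 2.6.15+): make our copy of the tree private so
     * nothing below propagates back into the parent namespace. */
    *failed_step = "mount MS_REC|MS_PRIVATE /";
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return -1;

    /* pivot_root requires new_root to be a mount point: bind it onto itself. */
    *failed_step = "bind mount new_root";
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) != 0)
        return -1;

    *failed_step = "chdir new_root";
    if (chdir(new_root) != 0)
        return -1;

    *failed_step = "mkdir old_root";
    if (mkdir("old_root", 0700) != 0 && errno != EEXIST)
        return -1;

    /* "." is the new root, "old_root" (inside it) receives the old root. */
    *failed_step = "pivot_root";
    if (syscall(SYS_pivot_root, ".", "old_root") != 0)
        return -1;

    *failed_step = "chroot .";
    if (chroot(".") != 0 || chdir("/") != 0)
        return -1;

    /* Detach the old root so nothing outside the chroot stays reachable. */
    *failed_step = "umount old_root";
    if (umount2("/old_root", MNT_DETACH) != 0)
        return -1;
    rmdir("/old_root");  /* best effort: the directory is now empty */

    *failed_step = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *step;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <new_root>\n", argv[0]);
        return 2;
    }
    if (pivot_into(argv[1], &step) != 0) {
        fprintf(stderr, "%s: %s\n", step, strerror(errno));
        return 1;
    }
    /* We are now a native binary running inside the new root; hand over to init. */
    execl("/sbin/init", "init", (char *)NULL);
    perror("execl /sbin/init");
    return 1;
}
```

Run it as root with the prepared chroot as its only argument; any failing step is reported by name, and because the binary is statically usable from the new root it does not depend on a shell from old_root after the pivot.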
