Date: Sat, 27 Mar 2021 02:12:42 +0300
From: Askar Safin <safinaskar@...l.ru>
To: Mickaël Salaün <mic@...ikod.net>, kernel-hardening@...ts.openwall.com, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)

Hi.

Unprivileged users can already do chroot. They should simply create a userns and then call "chroot" inside. As an LWN commenter noted, you can simply run "unshare -r /usr/sbin/chroot some-dir". (I recommend reading all comments: https://lwn.net/Articles/849125/ .)

Also: if you need chroot for path resolving only, consider openat2 with RESOLVE_IN_ROOT ( https://lwn.net/Articles/796868/ ).

==
Askar Safin
https://github.com/safinaskar
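The openat2 suggestion above, shown as an added example (not part of the original message or of the patch under discussion): it opens several path spellings with RESOLVE_IN_ROOT and checks that each one lands on the same file inside the directory. The names `open_in_root`, `demo_resolve_in_root` and `how_v0`, and the temporary directory layout, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_openat2
#define SYS_openat2 437            /* common syscall table; older headers lack it */
#endif
#ifndef RESOLVE_IN_ROOT
#define RESOLVE_IN_ROOT 0x10       /* value from <linux/openat2.h> */
#endif
/* Local copy of the kernel's struct open_how, so old headers still build. */
struct how_v0 { uint64_t flags, mode, resolve; };

/* Open `path` read-only as if `rootfd` were "/" for the whole lookup. */
static int open_in_root(int rootfd, const char *path)
{
    struct how_v0 how = { .flags = O_RDONLY | O_CLOEXEC, .resolve = RESOLVE_IN_ROOT };
    return (int)syscall(SYS_openat2, rootfd, path, &how, sizeof how);
}

/* Returns 1 if every lookup stayed inside the directory, 0 if one did not,
 * -1 if the check could not run (no openat2, seccomp filter, no temp dir). */
int demo_resolve_in_root(void)
{
    char dir[] = "/tmp/inroot-XXXXXX";           /* constructed sample tree */
    if (!mkdtemp(dir)) return -1;
    int root = open(dir, O_PATH | O_DIRECTORY | O_CLOEXEC);
    int f = openat(root, "inside.txt", O_CREAT | O_WRONLY, 0600);
    struct stat want, got;
    if (root < 0 || f < 0 || fstat(f, &want) != 0) return -1;
    close(f);
    int ok = symlinkat("/inside.txt", root, "abs-link") == 0;  /* absolute target */
    const char *tries[] = { "inside.txt", "/inside.txt", "../../inside.txt", "abs-link" };
    for (size_t i = 0; i < 4 && ok == 1; i++) {
        int fd = open_in_root(root, tries[i]);
        if (fd < 0) { ok = (errno == ENOSYS || errno == EPERM) ? -1 : 0; break; }
        /* Same device and inode means the lookup never left the directory. */
        ok = fstat(fd, &got) == 0 && got.st_ino == want.st_ino && got.st_dev == want.st_dev;
        close(fd);
    }
    unlinkat(root, "abs-link", 0); unlinkat(root, "inside.txt", 0);
    close(root); rmdir(dir);
    return ok;
}

int main(void) { return demo_resolve_in_root() == 0; }  /* exit 1 only on escape */
```

Unlike chroot(2), this confines a single lookup and leaves the process root unchanged, so it needs neither a user namespace nor any privilege.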