Re: [uml-user] Re: user-mode port 0.58-2.4.18-36

From: Pavel Machek (pavel@ucw.cz)
Date: Mon Jul 08 2002 - 22:16:18 EST

Next message: Pavel Machek: "Re: StackPages errors (CALLTRACE)"
Previous message: Pavel Machek: "Re: prevent breaking a chroot() jail?"
Next in thread: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Reply: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Reply: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > So... what prevents uml root from inserting rogue module (perhaps
> > using /dev/kmem) and escape the jail?
>
> That's prevented by the admin taking basic precautions and turning on 'jail',
> which refuses to run if module support is present and which also disables
> writing to /dev/kmem.

...and using CAP_SYS_RAWIO...
Pavel

-- 
Worst form of spam? Adding advertisment signatures ala sourceforge.net.
What goes next? Inserting advertisment *into* email?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: StackPages errors (CALLTRACE)"
Previous message: Pavel Machek: "Re: prevent breaking a chroot() jail?"
Next in thread: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Reply: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Reply: Jeff Dike: "Re: [uml-user] Re: user-mode port 0.58-2.4.18-36"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jul 15 2002 - 22:00:15 EST