Re: Chroot bug

From: Miloslav Semler
Date: Wed Sep 26 2007 - 10:51:31 EST

Next message: Rafael J. Wysocki: "Re: [PATCH] x86-64: Disable local APIC timer use on AMD systems with C1E"
Previous message: Alan Stern: "Re: [PATCH 1/4] module: implement module_inhibit_unload()"
In reply to: Al Viro: "Re: Chroot bug"
Next in thread: Kyle Moffett: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Al Viro napsal(a):

On Wed, Sep 26, 2007 at 03:11:33PM +0200, Miloslav Semler wrote:

As for the nested-chroot() bit, the root user inside of a chroot is always allowed to chroot(). This is necessary for test-suites for various distro installers, chroot once to enter the installer playpen, installer chroots again to configure the test-installed-system. Once you allow a second chroot, you're back at the "can't reliably and efficiently track directory sub-tree members" problem.

So if you think it can and should be fixed, then PROVIDE THE CODE.

Miloslav Semler

man openat

This is really pointless, anyway - any code that expects chroot to be
root-proof is terminally broken.

So thanks for information. I did't know anything about *at functions. So it seems to be more complicated. But maybe it will be good write to manpage "other systems implement it by other way, so this feature is unportable".
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rafael J. Wysocki: "Re: [PATCH] x86-64: Disable local APIC timer use on AMD systems with C1E"
Previous message: Alan Stern: "Re: [PATCH 1/4] module: implement module_inhibit_unload()"
In reply to: Al Viro: "Re: Chroot bug"
Next in thread: Kyle Moffett: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]