access to proc filesystem from chrooted process

Peri Hankey (Peri.Hankey@telemips.com)
Wed, 19 May 1999 14:22:04 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: G. Allen Morris III: "Re: knfsd messages"
Previous message: Keith Owens: "Re: sometimes keyboard resets to default 6 chars a sec."

There is a suggestion in the kernel sources that a chrooted process should only
be able to see processes that have the same root or that have a more restricted
root.

The comment is in the source for fs/proc/inode.c:

http://lxr.linux.no/source/fs/proc/inode.c?v=2.3.3#L161

169 * XXX TODO: use the dentry mechanism to make off-limits procs simply
170 * invisible rather than denied? Does each namespace root get its own
171 * dentry tree?

I wondered if anyone has done this, and wheter there are plans to include
this in the main source tree.

Regards
Peri Hankey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: G. Allen Morris III: "Re: knfsd messages"
Previous message: Keith Owens: "Re: sometimes keyboard resets to default 6 chars a sec."