On Thu, Jul 17, 2014 at 08:35:04AM +0200, Eric Sesterhenn wrote:
> On 07/16/2014 08:04 PM, Ben Pfaff wrote:
> > On Wed, Jul 16, 2014 at 02:53:37PM -0300, Flavio Leitner wrote:
> > > On Wed, Jul 16, 2014 at 09:56:20AM -0700, Ben Pfaff wrote:
> > > > On Wed, Jul 16, 2014 at 10:39:17AM -0300, Flavio Leitner wrote:
> > > > There's more than one way to chroot. Maybe Eric is thinking of a
> > > > model where one chroots to an empty directory, after opening all the
> > > > files that one needs. But I don't think he really explained the
> > > > model.
> > >
> > > That's true and it looks like ovsdb-server doesn't need to re-open it.
> > >
> > > But that apparently won't work for vswitchd without breaking tap
> > > devices support.
>
> That's the reason why I looked at the ovsdb-server first.
>
> My intent was to reduce the privileges by putting it into an
> empty chroot, after all required files are opened. In order to make
> sure that an attacker cannot do much inside this chroot, it is checked
> that the chroot is non-writeable.
The problem with enforcing a non-writeable chroot is that we lose the
ability to dump a core in case of a problem. So, I think that could be a
warning or optional, but not enforced as proposed now.

fbl

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
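The approach Eric sketches above (open everything first, then chroot into an empty directory and refuse one that is writable), as an added C example. This is not Open vSwitch code and not the patch under discussion; the function names, the uid/gid 65534 and the exact ownership/mode policy in chroot_dir_is_safe() are this example's assumptions. It also carries the knob Flavio asks for: with writable_ok set, an unsafe directory only produces a warning instead of a hard failure, so a core dump can still land in it.

```c
/* Added example (not Open vSwitch code): enter an empty, non-writable chroot
 * once every file the daemon needs is already open, then drop privileges.
 * Function names and the policy in chroot_dir_is_safe() are assumptions. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Is the directory described by 'st' a safe root for a process that will run
 * as 'uid'/'gid'?  It must be a directory, owned by root, and not writable by
 * that user through the group or other bits.  Pure function, so it can be
 * checked with a constructed struct stat and no privileges. */
int
chroot_dir_is_safe(const struct stat *st, uid_t uid, gid_t gid)
{
    if (!S_ISDIR(st->st_mode)) {
        return 0;
    }
    if (st->st_uid != 0) {
        return 0;           /* a non-root owner could chmod it back */
    }
    if (uid == 0) {
        return 0;           /* root ignores mode bits; chroot alone is no sandbox */
    }
    if (st->st_mode & S_IWOTH) {
        return 0;
    }
    if ((st->st_mode & S_IWGRP) && st->st_gid == gid) {
        return 0;
    }
    return 1;
}

/* Chroot into 'dir' and become 'uid'/'gid'.  Call only after every file,
 * socket and log the daemon needs has been opened.  The directory is opened
 * and fstat()ed first so the check and the chroot apply to the same inode.
 * With 'writable_ok' set, an unsafe directory is only warned about: writable
 * means a core dump can be written there, but so can an attacker's files.
 * Returns 0 on success, -1 with errno set on failure. */
int
enter_empty_chroot(const char *dir, uid_t uid, gid_t gid, int writable_ok)
{
    struct stat st;
    int fd = open(dir, O_RDONLY | O_DIRECTORY);

    if (fd < 0) {
        return -1;
    }
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    if (!chroot_dir_is_safe(&st, uid, gid)) {
        if (!writable_ok) {
            close(fd);
            errno = EPERM;
            return -1;
        }
        fprintf(stderr, "warning: %s is not a non-writable root-owned "
                "directory; continuing so core dumps remain possible\n", dir);
    }
    /* fchdir + chroot(".") acts on the fd we checked, not on the path again. */
    if (fchdir(fd) < 0 || chroot(".") < 0) {    /* needs CAP_SYS_CHROOT */
        close(fd);
        return -1;
    }
    close(fd);
    /* Drop privileges last: a process that stays root can leave any chroot. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) {
        return -1;
    }
    return 0;
}

int
main(int argc, char *argv[])
{
    const uid_t nobody = 65534;     /* assumed unprivileged uid and gid */

    if (argc != 2) {
        fprintf(stderr, "usage: %s EMPTY_DIR\n", argv[0]);
        return 2;
    }
    if (enter_empty_chroot(argv[1], nobody, nobody, 0) < 0) {
        perror("enter_empty_chroot");
        return 1;
    }
    /* From here on only descriptors opened earlier are usable. */
    printf("running inside %s as uid %d\n", argv[1], (int) getuid());
    return 0;
}
```

The program must start as root (or with CAP_SYS_CHROOT) for the chroot and the privilege drop to succeed; run as a normal user it fails with EPERM, which is the expected result. The point of checking the fstat() of the opened directory rather than a stat() of the path is that the directory cannot be swapped between the permission check and the chroot.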