On Feb 26, Alexander Viro <[EMAIL PROTECTED]> wrote:

>There is no way to implement them without credentials' cache. Which needs
>to be done for many other reasons, but that's a separate patch and
>separate story. If it's done - no serious penalty involved. However,
>I doubt that we want a union on / itself. /dev - sure, /bin and /lib -
>maybe, but /... What for?

What I'd really like to do is remount / somewhere with mount --bind,
mount over it another skeleton file system which hides setuid programs
and some directories and then run a chrooted sshd in the new root.
If I'm not missing something, this would make creation of secure chroot
environments very easy.

>Tomorrow I'll try to catch Erik and talk with him about that. I'm not sure
>that I know anyone in Debian Install System Team (oh, boy... somebody sure

Just write to [EMAIL PROTECTED]

--
ciao,
Marco