looks like Linux will get an AT_BENEATH flag for filesystem ops, enabling code to sandbox itself without using namespaces :)
kinda. unlike Linux chroot(2), it'll probably provide usable security guarantees, and you can restrict yourself to multiple dirs at once
-
-
I lol-ed at usable security guarantees wrt chroot :)
-
Other Unixes have usable security guarantees wet chroot...
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.