Hacker News new | past | comments | ask | show | jobs | submit login

Isn't the rant about chroot kind of addressed by filesystem namespaces in Linux?



pledge() is not chroot-like. unveil() is, kinda. But pledge() is much cooler.


I didn't say it was. There's a long section about chroot() under "Caveats."


Ah, sorry I misunderstood.

Addressed, yeah, but I would not say solved for the general case of all the namespaces.

"Just put me in a (sand)box" is actually really tricky with namespaces, and depends on if you started off as root or not.

More on using namespaces to drop privs: https://blog.habets.se/2022/03/Dropping-privileges.html (another backburner project)

It's early morning so I may be wrong, but my testing seems to show that actually yes you can still fchdir() your way out of a file system namespace.


You're right, it doesn't address the file descriptor leak, only the root restriction (well, user namespaces address that).

But that isn't really an issue with chroot (or namespaces). It's (1) that CLOEXEC is opt-in, not opt-out, and (2) that you need this poll hack to enumerate open file descriptors.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: