From: Sascha Silbe (sascha-news-NOSPAM_at_silbe.org)
Date: Sun 01 Dec 2002 - 02:14:08 GMT
Note that the new system calls (new_s_context and set_ipv4root) are not
controlled by capabilities. They are by nature irreversible. Once a virtual
server is trapped in a chroot/s_context/ipv4root box, it can't escape from
the parameters of this trap.
asmlinkage int sys_set_ipv4root (__u32 ip, int nbip, __u32 bcast)
}else if (ip_info == NULL
|| ip_info->ipv4 == 0
// We are allowed to change everything
ret = 0;
So the docu says no capability enables one to break out of ipv4root, but the
source suggests otherwise.
Am I missing some important fact or is it a mismatch between theory and
-- Registered Linux User #77587 (http://counter.li.org/)
bomb terrorist afghanistan PGP encrypt CIA FBI BND MAD StaSi anschlag strike sex pussy xxx kill bj hitler Gates MS Windows ZV ZDV