From: Rik van Riel (riel_at_surriel.com)
Date: Wed 08 Oct 2003 - 12:59:30 BST
On Tue, 7 Oct 2003, Alex Lyashkov wrote:
> On Tuesday 07 October 2003 03:34, Jacques Gelinas wrote:
> > chrootsafe
> > This is a new system call that, unlike chroot, can't be escaped.
> Why don't you use a private namespace?
Good question. Using CLONE_NEWNS followed by a recursive
bind mount to hide everything else would be so much better
than adding a new syscall.
-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
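
A sketch of the CLONE_NEWNS plus recursive bind mount approach suggested in this message, as an added example that is not part of the original mail or of any patch in the thread. The names confine() and run_confined(), the pivot_root step used to drop the old root, and the default /tmp jail path are assumptions of this example; it needs CAP_SYS_ADMIN and reports the errno when the kernel refuses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWNS */
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side (hypothetical helper): 0 if "/" is now the jail, 200 if it is
 * not, otherwise the errno of the step the kernel refused. */
static int confine(const char *jail)
{
    struct stat want, got;
    if (stat(jail, &want) < 0) return errno;
    /* Private copy of the mount table; requires CAP_SYS_ADMIN. */
    if (syscall(SYS_unshare, CLONE_NEWNS) < 0) return errno;
    /* Keep later mount changes from propagating back to the parent. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) return errno;
    /* Recursive bind mount turns the jail into a mount point of its own. */
    if (mount(jail, jail, NULL, MS_BIND | MS_REC, NULL) < 0) return errno;
    if (chdir(jail) < 0) return errno;
    /* Assumption of this example: pivot_root(".", ".") stacks the old root
     * on the new one, and the lazy unmount then hides everything else. */
    if (syscall(SYS_pivot_root, ".", ".") < 0) return errno;
    if (umount2(".", MNT_DETACH) < 0) return errno;
    if (chdir("/") < 0 || stat("/", &got) < 0) return errno;
    return (got.st_dev == want.st_dev && got.st_ino == want.st_ino) ? 0 : 200;
}

/* Runs confine() in a forked child so the caller's own root is untouched.
 * Returns 0 (confined), 1 (wrong root) or -errno (kernel refused a step). */
int run_confined(const char *jail)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) _exit(confine(jail));
    if (waitpid(pid, &status, 0) < 0) return -errno;
    if (!WIFEXITED(status)) return -ECHILD;
    int code = WEXITSTATUS(status);
    return code == 0 ? 0 : code == 200 ? 1 : -code;
}

int main(int argc, char **argv)
{
    int r = run_confined(argc > 1 ? argv[1] : "/tmp"); /* constructed default */
    printf("run_confined: %d\n", r);
    return r == 0 ? 0 : 1;
}
```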