LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The isolate utility

The isolate utility

Posted Jan 6, 2010 6:16 UTC (Wed) by drag (subscriber, #31333)
In reply to: The isolate utility by drag
Parent article: The isolate utility

Oh and he never said it was not useful. It's just that if the program has
root privileges then chroot is worthless. If you do it properly with
carefully controlled file discripters and proper setuid and that sort of
thing chroot can be useful, it's just much more difficult to get right then
it seems.

In that specific mailing list discussion people are referring to is
http://kerneltrap.org/mailarchive/linux-kernel/2007/9/19/...

----

Meanwhile with things like BSD Jails, Linux LXC, or Solaris Zones are
designed to be easy for admins to make applications isolated in a proper
manner and can be used with lots of applications that would never really work
out with chroot.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds