
Unprivileged chroot()


Posted Mar 19, 2021 0:22 UTC (Fri) by kentonv (subscriber, #92073)
In reply to: Unprivileged chroot() by flussence
Parent article: Unprivileged chroot()

Right, but, my point is that the proposed feature would let anyone break out of chroots even if they were set up "correctly".



Unprivileged chroot()

Posted Mar 19, 2021 18:32 UTC (Fri) by l0kod (subscriber, #111864)

This is the reason for the unprivileged chroot limitations. It is only allowed to chroot one time: https://lore.kernel.org/lkml/20210316203633.424794-2-mic@...

Unprivileged chroot()

Posted Mar 19, 2021 21:56 UTC (Fri) by kentonv (subscriber, #92073)

Ahhhhh I see.

That seems like a disappointing limitation though... any program that uses this feature will mysteriously break when run in a chroot.

Unprivileged chroot()

Posted Mar 21, 2021 10:50 UTC (Sun) by smurf (subscriber, #17840)

Running in a plain chroot isn't a good idea anyway; as soon as you do anything nontrivial, things tend to break. The new unprivileged-chroot syscall is just one more example of many.

Much better to use systemd-nspawn or some other tool that sets up a "real" file system namespace. The unprivileged chroot(2) will work there.

