Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-01-26 | improve examples/chroottar.py | Helmut Grohne | |
* Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good. * Sane permission for the root directory. Otherwise no non-root user can access any files. | |||
2024-01-25 | examples/chroottar.py: work when TMPDIR is private | Helmut Grohne | |
When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown). | |||
2024-01-25 | new example chroottar.py | Helmut Grohne | |