by kalmar 2956 days ago
I'm curious why chroot is used instead of mount namespace and pivot_root(2). This would let them get away without CAP_SYS_CHROOT, while also providing stronger filesystem isolation.