public inbox for gentoo-dev@lists.gentoo.org
* Re: [gentoo-dev] An example overlayfs sandbox test
From: Rich Freeman @ 2017-09-23  0:18 UTC
  To: gentoo-dev

On Fri, Sep 22, 2017 at 4:43 PM, James McMechan
<james_mcmechan@hotmail.com> wrote:
>
> # now create a separate mount namespace non-persistent
> unshare -m bash
>

If you're going to go to the trouble to set up a container, you might
as well add some more isolation:

unshare --mount --net --pid --uts --cgroup --fork --ipc --mount-proc bash

I'm not sure how much of a hassle mapping a uid namespace would be or
if it would really add anything, especially if this chroots to portage
right away.

-- 
Rich
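The following shell script is an added example, not code from the thread or from Gentoo. It launches a command under whatever set of `unshare` flags you pass and reports, per namespace type, whether the child really ended up in a different namespace than the caller, by comparing the `/proc/<pid>/ns/*` links. It assumes Linux with `/proc` mounted and util-linux `unshare`; the function names are mine. Passing `--user --map-root-user` alongside the other flags is what lets the whole set work without CAP_SYS_ADMIN on kernels that allow unprivileged user namespaces, which is the uid-namespace question raised above.

```shell
#!/bin/sh
# Added example: check that a namespaced sandbox really differs from the
# caller's namespaces. Assumes Linux, /proc mounted, util-linux unshare.

# ns_id NS [PID]: print the "type:[inode]" identity of namespace NS
# (mnt, net, pid, uts, ipc, cgroup, user) for PID; default is the caller.
ns_id() {
    readlink "/proc/${2:-self}/ns/$1"
}

# same_ns NS PID_A PID_B: succeed when both processes share namespace NS.
same_ns() {
    [ "$(ns_id "$1" "$2")" = "$(ns_id "$1" "$3")" ]
}

# sandbox_ns_report UNSHARE_FLAGS...: run a child under the given unshare
# flags and print one line per namespace type saying whether the child is
# isolated from the caller or still shares that namespace. Always prints
# exactly seven lines, one per namespace type, even when unshare fails.
#
# Notes on the flags from the thread:
#   --pid only applies to *children* of the unshared process, so without
#   --fork the exec'd shell itself reports the old pid namespace (SHARED).
#   --mount-proc remounts /proc inside the new mount+pid namespaces so
#   process listings there show only sandbox processes.
sandbox_ns_report() {
    for ns in mnt net pid uts ipc cgroup user; do
        parent_id=$(ns_id "$ns")
        child_id=$(unshare "$@" sh -c "readlink /proc/self/ns/$ns" 2>/dev/null) \
            || { echo "$ns: unshare failed (no CAP_SYS_ADMIN and no user ns?)"; continue; }
        if [ "$parent_id" = "$child_id" ]; then
            echo "$ns: SHARED with caller ($parent_id) - isolation missing"
        else
            echo "$ns: isolated ($parent_id -> $child_id)"
        fi
    done
}

# Full set from the thread plus a user namespace so it runs unprivileged:
#   sandbox_ns_report --user --map-root-user --mount --net --pid --uts \
#                     --cgroup --fork --ipc --mount-proc
# Only the original single flag, to see what stays shared:
#   sandbox_ns_report --user --map-root-user --mount
```

Run the full-flag form first and then the `--mount`-only form; the difference in the report is exactly the extra isolation the reply argues for, and a `pid: SHARED` line with `--pid` present but `--fork` missing shows why `--fork` belongs in the list.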



2017-09-22 23:43     [gentoo-dev] An example overlayfs sandbox test James McMechan
2017-09-23  0:18 99% ` Rich Freeman
