* Re: [gentoo-dev] An example overlayfs sandbox test
From: Rich Freeman @ 2017-09-23 0:18 UTC
To: gentoo-dev
On Fri, Sep 22, 2017 at 4:43 PM, James McMechan
<james_mcmechan@hotmail.com> wrote:
>
> # now create a separate mount namespace non-persistent
> unshare -m bash
>
If you're going to go to the trouble to set up a container, you might
as well add some more isolation:

    unshare --mount --net --pid --uts --cgroup --fork --ipc --mount-proc bash

I'm not sure how much of a hassle mapping a uid namespace would be or
if it would really add anything, especially if this chroots to portage
right away.

--
Rich
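
Added example, not part of the message above or of the thread's scripts: a way to check which namespaces a sandboxed shell still shares with the host by comparing the /proc/PID/ns identifiers, shown for `unshare -m` and for the fuller command. The helper names `ns_snapshot` and `ns_shared` are hypothetical and the namespace ids are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. ns_snapshot and ns_shared are
# hypothetical helper names; the namespace ids below are constructed.

# Print "name id" for every namespace of process $1 (reads /proc/PID/ns).
ns_snapshot() {
    for link in /proc/"$1"/ns/*; do
        [ -L "$link" ] || continue
        printf '%s %s\n' "${link##*/}" "$(readlink "$link")"
    done
}

# Print the names of namespaces whose ids are identical in snapshots $1
# (host) and $2 (sandbox), i.e. the ones the sandbox still shares.
ns_shared() {
    printf '%s\n' "$1" | while read -r name id; do
        other=$(printf '%s\n' "$2" | awk -v n="$name" '$1 == n { print $2 }')
        if [ -n "$name" ] && [ "$id" = "$other" ]; then
            printf '%s\n' "$name"
        fi
    done | tr '\n' ' ' | sed 's/ $//'
}

# Constructed host snapshot (ids are sample values).
HOST='cgroup cgroup:[4026531835]
ipc ipc:[4026531839]
mnt mnt:[4026531840]
net net:[4026531992]
pid pid:[4026531836]
user user:[4026531837]
uts uts:[4026531838]'

# As seen inside "unshare -m bash": only mnt has a new id.
MOUNT_ONLY=$(printf '%s\n' "$HOST" | sed 's/^mnt .*/mnt mnt:[4026532501]/')

# As seen inside the fuller unshare command: everything but user is new.
FULL='cgroup cgroup:[4026532507]
ipc ipc:[4026532504]
mnt mnt:[4026532502]
net net:[4026532509]
pid pid:[4026532505]
user user:[4026531837]
uts uts:[4026532503]'

echo "unshare -m still shares:     $(ns_shared "$HOST" "$MOUNT_ONLY")"
echo "fuller unshare still shares: $(ns_shared "$HOST" "$FULL")"
```

On a live system, capture `ns_snapshot $$` on the host and again inside the unshared shell, then pass both outputs to `ns_shared`.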