Quoting Samuel Thibault (2014-07-02 23:19:17) > Svante Signell, le Wed 02 Jul 2014 23:13:34 +0200, a écrit : > > - Run in a subhurd or chroot, which is best? > > It depends which isolation you want. Subhurd is almost complete > isolation. Chroots share the proc, auth etc. servers.
This only holds for rather tiny values of complete isolation. Our proc server is not subhurd-aware, a sufficiently privileged user inside the subhurd can manipulate processes outside the subhurd environment. If you use subhurds, you must not use sysvinit to shut down the subhurd. Doing so will bring down your system, as killall5 will kill vital system servers. Justus
