ioi / isolate

Sandbox for securely executing untrusted programs

pivot_root as security measure #79

Closed josalhor closed 5 years ago

josalhor commented 5 years ago

I couldn't find any reference to pivot_root in this repo. It can be used together with chroot; was it ever considered as a security measure? Would there be any drawbacks in adding it?

seirl commented 5 years ago

I'm not sure what you would want to achieve with pivot_root. It's typically used by the initrd to make the kernel use the newly mounted file system as its root; it has little to do with isolation.

josalhor commented 5 years ago

My guess was, and correct me if I'm wrong here, that changing the root of the file system, as opposed to moving the root directory, prevents accessing the mountpoints over the new root directory through the Virtual File System.

seirl commented 5 years ago

Again, pivot_root is intended to be used by the initrd. It cannot be used here.

gollux commented 5 years ago

I also don't see how to use pivot_root as a security mechanism. I am closing this issue, but if you have any relevant way to use pivot_root in a sensible way, feel free to re-open it.