Closed nabijaczleweli closed 2 years ago
Chroots don't allow CLONE_NEWUSER. We need to privatise all mount-points as-if by mount --make-rprivate / (unshare(1) already does this by default) to prevent our new /proc leaking when running as true root.
Tested as normal user and root-in-chroot.
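The privatisation step described above, written as the underlying system calls, with a check over /proc/self/mountinfo that no mount is still shared afterwards. This is an added example, not code from this pull request or its project; the function names are hypothetical, and unshare is invoked through syscall(2) only so the example does not depend on feature-test macros. It needs the privileges of the true-root case (CAP_SYS_ADMIN).

```c
#define _GNU_SOURCE
#include <linux/sched.h>   /* CLONE_NEWNS */
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if a /proc/self/mountinfo line has a "shared:N" optional field, meaning
   mounts made under it still propagate to its peer group; 0 otherwise. */
int mountinfo_line_is_shared(const char *line) {
    char buf[4096], *save = NULL;
    int field = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *tok = strtok_r(buf, " \n", &save); tok; tok = strtok_r(NULL, " \n", &save)) {
        if (++field <= 6) continue;            /* six fixed fields come first */
        if (strcmp(tok, "-") == 0) return 0;   /* separator: optional fields end */
        if (strncmp(tok, "shared:", 7) == 0) return 1;
    }
    return 0;
}

/* Count the shared mounts listed in an open mountinfo stream. */
int count_shared(FILE *f) {
    char line[4096];
    int n = 0;
    while (fgets(line, sizeof line, f)) n += mountinfo_line_is_shared(line);
    return n;
}

/* New mount namespace, then the syscall form of `mount --make-rprivate /`.
   Returns 0 on success, -1 with errno set. */
int privatise_mounts(void) {
    if (syscall(SYS_unshare, CLONE_NEWNS) == -1) return -1;
    return mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

int main(void) {
    if (privatise_mounts() == -1) { perror("privatise_mounts"); return 1; }
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) { perror("/proc/self/mountinfo"); return 1; }
    int shared = count_shared(f);
    fclose(f);
    printf("shared mounts left: %d\n", shared);
    return shared != 0;   /* non-zero exit if anything could still propagate */
}
```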