Re: Non-root chroot

From: Jamie Landeg-Jones <jamie_at_catflap.org>
Date: Sat, 09 Aug 2025 23:09:47 UTC

Jason Bacon <bacon4000@gmail.com> wrote:

> > But usermounts are mounted nosuid.
>
> I knew that at one time, but it slipped my mind.  ;-)  Thanks for the 
> reminder...

:-) Happens to us all!

> > Would forcing all user-chrooted trees to be no-suid-root solve this,
> > do you think?

> It's already forced, but requires user-action.  If the user does not use 
> -n, the chroot will fail.  I suggested on the phabricator thread that 
> this should not be necessary, and PROC_NO_NEW_PRIVS_CTL should be set 
> automatically based on getuid() != 0.  This won't affect security, just 
> make the UI more elegant.

Ah, thanks. I didn't know that.

Cheers, Jamie
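
Added example (not part of the original message, and not the chroot(8) source): a C sketch of the behaviour suggested in the quoted text, setting PROC_NO_NEW_PRIVS_CTL automatically when getuid() != 0 before calling chroot(2). The helper names are assumptions, and the Linux prctl() branch goes beyond the FreeBSD case discussed so that the code also builds there.

```c
/* Added example; helper names are assumptions, not chroot(8) source. */
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__FreeBSD__)
#include <sys/procctl.h>
#elif defined(__linux__)
#include <sys/prctl.h>
#endif

/* Irreversibly stop this process and its children from gaining
 * privileges through set-user-ID or set-group-ID executables. */
int drop_new_privs(void) {
#if defined(__FreeBSD__) && defined(PROC_NO_NEW_PRIVS_CTL)
    int arg = PROC_NO_NEW_PRIVS_ENABLE;
    return procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg);
#elif defined(__linux__)
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
#else
    return -1; /* no equivalent known on this platform */
#endif
}

/* Returns 1 if the flag is set, 0 if not, -1 on error. */
int new_privs_disabled(void) {
#if defined(__FreeBSD__) && defined(PROC_NO_NEW_PRIVS_STATUS)
    int arg = 0;
    if (procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_STATUS, &arg) == -1) return -1;
    return arg == PROC_NO_NEW_PRIVS_ENABLE;
#elif defined(__linux__)
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
#else
    return -1;
#endif
}

/* Non-root callers get the flag set for them instead of passing -n. */
int chroot_auto(const char *dir) {
    if (getuid() != 0 && drop_new_privs() == -1)
        return -1;
    return (chroot(dir) == -1 || chdir("/") == -1) ? -1 : 0;
}

int main(int argc, char **argv) {
    if (argc != 2) return 2;
    if (chroot_auto(argv[1]) == -1) { perror("chroot_auto"); return 1; }
    return execl("/bin/sh", "sh", (char *)NULL);
}
```

The flag is set before chroot(2) and cannot be cleared afterwards, so a set-user-ID binary inside the user-supplied tree runs without elevated privileges.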