[Cialug] CAP_SYS_CHROOT
Todd Walton
tdwalton at gmail.com
Wed Mar 9 19:39:21 UTC 2022
On Wed, Mar 9, 2022 at 11:57 AM Shane Nehring <shane at ntoast.com> wrote:
> I think the whole idea behind the capabilities is granular permissions
> control, with the idea that you give an application the absolute least
> permissions it needs to run and nothing more, ideally to reduce your attack
> surface.
>
So maybe the intent is to allow one to cut off a code path if it's not
needed, and not necessarily to limit access to chrooting per se? That would
make sense.
--
Todd Walton
More information about the Cialug
mailing list