lix/src
Harald van Dijk 5451b8db9d Use pivot_root in addition to chroot when possible

chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.

Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
2015-02-16 12:18:19 +01:00
boost boost::shared_ptr -> std::shared_ptr 2014-03-30 00:49:23 +01:00
bsdiff-4.3 Fix "make dist" 2014-02-01 14:38:12 +01:00
download-via-ssh Pedantry 2014-12-14 01:51:14 +01:00
libexpr Remove tab 2015-02-05 17:21:30 +01:00
libmain Allow $NIX_PAGER to override $PAGER 2015-01-02 15:26:56 +01:00
libstore Use pivot_root in addition to chroot when possible 2015-02-16 12:18:19 +01:00
libutil Add base64 encoder/decoder 2015-02-10 11:33:33 +01:00
nix-daemon Silence some warnings on GCC 4.9 2014-12-12 17:14:28 +01:00
nix-env Fix assertion failure in nix-env 2015-01-15 12:15:22 +01:00
nix-hash Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
nix-instantiate Remove canary stuff 2014-12-12 10:59:50 +01:00
nix-log2xml nix-log2xml: Handle newlines 2014-08-13 19:06:20 +02:00
nix-store Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00