lix/src/libstore
Harald van Dijk 5451b8db9d Use pivot_root in addition to chroot when possible
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.

Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
2015-02-16 12:18:19 +01:00
build.cc Use pivot_root in addition to chroot when possible 2015-02-16 12:18:19 +01:00
derivations.cc Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
derivations.hh If a .drv cannot be parsed, show its path 2014-04-08 19:24:29 +02:00
gc.cc Ensure we're writing to stderr in the builder 2014-12-12 14:35:44 +01:00
globals.cc Settings: Add bool get() 2014-09-17 15:18:13 +02:00
globals.hh Settings: Add bool get() 2014-09-17 15:18:13 +02:00
local-store.cc Doh^2 2015-01-08 16:59:22 +01:00
local-store.hh Clean up temp roots in a more C++ way 2014-11-19 17:07:29 +01:00
local.mk Update spec file 2014-09-18 15:42:01 +02:00
misc.cc Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
misc.hh Don't set $preferLocalBuild and $requiredSystemFeatures in builders 2013-06-20 18:07:27 +00:00
nix-store.pc.in Install some pkgconfig files 2014-09-18 12:00:40 +02:00
optimise-store.cc Pedantry 2014-12-14 01:51:14 +01:00
pathlocks.cc Ensure we're writing to stderr in the builder 2014-12-12 14:35:44 +01:00
pathlocks.hh Use "#pragma once" to prevent repeated header file inclusion 2012-07-18 14:59:03 -04:00
references.cc Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
references.hh Use "#pragma once" to prevent repeated header file inclusion 2012-07-18 14:59:03 -04:00
remote-store.cc Merge branch 'cygwin-master' of https://github.com/ternaris/nix 2014-12-14 01:49:14 +01:00
remote-store.hh Add an 'optimiseStore' remote procedure call. 2014-09-01 23:53:26 +02:00
schema.sql * Store the size of a store path in the database (to be precise, the 2010-11-16 17:11:46 +00:00
store-api.cc Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
store-api.hh Add an 'optimiseStore' remote procedure call. 2014-09-01 23:53:26 +02:00
worker-protocol.hh Add an 'optimiseStore' remote procedure call. 2014-09-01 23:53:26 +02:00