[tomoyo-users-en 531] Re: Suggestion for CaitSith about generalized actions (pivot_root)

do1****@yande***** do1****@yande*****
Tue Jan 1 20:25:34 JST 2013


31.12.2012, 15:18, "Tetsuo Handa" <from-****@I-lov*****>:
>
> What if filesystem namespace is unshared and pivot_root is used for bringing
> /home/backup to somewhere else?

What will happen? I verified by experiment that when I have

1 acl create path="/home/backup/data1/\(\*\)/\*"
  1 deny

And when I do `chroot /home/backup /touch /data1/x`, access is properly denied, as I expected. Realpath seems to be properly accounted for under chroot.

2013/01/01 11:17:37# global-pid=31896 result=denied priority=1 / create path="/home/backup/data1/x"  ... task.exe="/home/backup/touch" task.domain="/usr/sbin/sshd" ...

So I don't need to care about pivot_root in my case.

Regards,



