Christian Jaeger <firstname.lastname@example.org> writes: > I think another one is creating a [k]mem device (haven't tried > it). Afaik, LIDS people had to introduce/implement a new capability to > block direct memory access, which implies that on a normal kernel you > can't prevent root from escaping chroot. And there's the way out mentioned in the chroot(2) manpage. -- Alan Shutko <email@example.com> - In a variety of flavors! I have not yet begun to byte!