Christian Jaeger <christian.jaeger@sl.ethz.ch> writes: > I think another one is creating a [k]mem device (haven't tried > it). Afaik, LIDS people had to introduce/implement a new capability to > block direct memory access, which implies that on a normal kernel you > can't prevent root from escaping chroot. And there's the way out mentioned in the chroot(2) manpage. -- Alan Shutko <ats@acm.org> - In a variety of flavors! I have not yet begun to byte!