Re: setting up chroot jail for ssh
Benedict Verheyen wrote:
Have a look at qemu then. Compared to UML that's childsplay. It will
however run a bit slower.
Apologies if one of the referenced documents already mentions this; but
a straight UML is not secure. The entire kernel runs in process-space:
if you are worried someone would be nasty then they can jump out of the
UML by forcing the UML kernel to do an exec or similar and be running as
a local user on your host. You'd need, at the very least, to patch the
host kernel with SKAS.
Reply to: