Hmm... what about when chroot is used to bring up the system (in a
fashion analogous to initrd, but without being ramdisk specific)?
I think what you'd really need for security is not just chroot, but
something to declare certain file systems (and their corresponding
devices) off limits to a process and its descendants. Then it wouldn't
matter how the references to those file systems were generated.
-- Raul