This can be achieved with what is called 'type enforcement'. Basically
you assign a type to all files on the system. Then you let processes
be allowed certain operations on types of files. Type enforcement is a
type of mandatory access control.

What people often really want when they use chroot is some sort of
mandatory access control to files on the system. What *I* usually want
when I use chroot is to have a 'machine within the machine' - to be
able to bootstrap a system for example. That's what chroot is good
for.
astor
-- Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway http://www.guardian.no/
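
Added example, not part of the original message: a toy model of the type-enforcement scheme described above, where every file carries a type and a process domain is allowed only the listed operations on each type, with everything else denied. The domain names, type names and paths are constructed for illustration, and labelling files by path prefix is a simplifying assumption.

```python
import posixpath

# Constructed file labelling: path prefix -> type. Longest prefix wins.
# Simplification: this sketch labels by path, not by file object.
FILE_TYPES = {
    "/": "default_t",
    "/etc/shadow": "shadow_t",
    "/var/www": "web_content_t",
    "/var/log/httpd": "web_log_t",
}

# Constructed policy: (process domain, file type) -> permitted operations.
# Any pair or operation not listed here is denied.
ALLOW = {
    ("httpd_d", "web_content_t"): {"read"},
    ("httpd_d", "web_log_t"): {"append"},
    ("login_d", "shadow_t"): {"read"},
}


def file_type(path):
    """Return the type attached to the longest labelled prefix of path."""
    # Normalise first so "/var/www/../../etc/shadow" is labelled as
    # /etc/shadow rather than as web content.
    path = posixpath.normpath(path)
    best = "/"
    for prefix in FILE_TYPES:
        if prefix == "/":
            continue
        # Match whole path components only: /var/wwwroot is not /var/www.
        if path == prefix or path.startswith(prefix + "/"):
            if len(prefix) > len(best):
                best = prefix
    return FILE_TYPES[best]


def allowed(domain, op, path, uid=0):
    """Mandatory check: the decision depends only on domain and type.

    uid is accepted but deliberately ignored, so a process running as
    root in a confined domain gets no bypass.
    """
    return op in ALLOW.get((domain, file_type(path)), set())
```

Unlike chroot, the confined process still sees the whole filesystem namespace here; what changes is which operations the policy grants it on each type.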