Harald van Dijk 5451b8db9d Use pivot_root in addition to chroot when possible
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.

Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
2015-02-16 12:18:19 +01:00
config Add config.guess, config.sub and install-sh 2013-11-25 11:26:02 +00:00
corepkgs Use proper quotes everywhere 2014-08-20 18:03:48 +02:00
doc Typo 2015-02-04 18:17:06 +01:00
misc Typo 2014-11-04 10:31:17 +01:00
mk Merge branch 'cygwin-master' of https://github.com/ternaris/nix 2014-12-14 01:49:14 +01:00
perl Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00
scripts nix-build: Respect -Q during evaluation 2015-02-08 20:44:05 -05:00
src Use pivot_root in addition to chroot when possible 2015-02-16 12:18:19 +01:00
tests Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00
.gitignore Add exe, dll to .gitignore 2014-12-15 23:34:13 +08:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Use pivot_root in addition to chroot when possible 2015-02-16 12:18:19 +01:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
dev-shell Make dev-shell script work on Darwin 2014-07-16 11:53:47 +02:00
INSTALL * Autoconf / Automake configuration and building. 2003-04-04 16:14:56 +00:00
local.mk Install config.h only once 2014-08-20 18:33:07 +02:00
Makefile Add a launchd configuration file to run nix-daemon 2014-11-04 10:30:22 +01:00
Makefile.config.in Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00
nix.spec.in Update spec file 2014-09-18 15:42:01 +02:00
README * Install documentation in $(docdir) (i.e. share/doc/nix). 2008-11-19 13:19:09 +00:00
release.nix Revert "Remove Fedora 18, 19 builds" 2015-02-12 17:44:29 +01:00
version Bump version number 2014-12-15 18:05:56 +01:00

Nix is a purely functional package manager.  For installation and
usage instructions, please read the manual, which can be found in
`docs/manual/manual.html', and additionally at the Nix website at
<http://nixos.org/>.


Acknowledgments

This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (http://www.OpenSSL.org/).