author | Colin Walters <walters@verbum.org> | 2015-09-05 11:06:52 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-09-05 11:06:52 -0400 |
commit | 1209d5e8070a7081582b40ccb60b79cb9eb69356 (patch) | |
tree | 787d91714b29c9eb5ffea32ba27d6520dc2f75a3 | |
parent | 4b9efbfb1fd3c543e7808af90bc8e9730c1ba6e9 (diff) | |
download | linux-user-chroot-1209d5e8070a7081582b40ccb60b79cb9eb69356.tar.gz |
TODO: Update
-rw-r--r-- | TODO | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -0,0 +1,20 @@ +Import read only system +----------------------- + +I'd like to make it easy to capture just /usr from the host, without +e.g. /home or any other network mounts. Probably the easiest way to +do this is `--tmpfs-root` or something, and have that auto-create +mount points for `/dev` etc. Then one could `--mount-bind /usr /usr`. + +seccomp profile +1 +------------------ + + - Look at what Chromium/ChromeOS are doing? + +Avoid creating any files as root/share tmpfs +-------------------------------------------- + +We're creating device nodes owned by root, which means +quota is counted against root. Can we share a tmpfs +that we create as non-root, and ensure every file we +make is owned by the target uid? |
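Review bot: The "Import read only system" entry promises a read-only import, but its only concrete step is `--mount-bind /usr /usr`, which says nothing about the bind being read-only. State how the read-only property would be enforced, and list the mount points `--tmpfs-root` is meant to auto-create rather than "`/dev` etc.", so the item can be acted on. The "seccomp profile +1" heading carries a "+1" that is never explained, and its single bullet is an open question with no scope; either drop the "+1" or say what it denotes, and note what the profile is expected to restrict. In the last entry, "ensure every file we make is owned by the target uid" sits next to the statement that the device nodes are currently created as root; the entry should say how those nodes would be provided once the tmpfs is created as non-root.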