First page Back Continue Last page Summary Graphics

Summary

chroot jail contains only UML binary and filesystem
UML runs as 'nobody'
Directory non-writeable
UML non-writeable and immutable
Filesystem non-executable
'nobody' accesses everything as 'other'

Notes:

This simply summarizes the guidelines from the previous set of slides.