Top Content Up

2.1 Non reversible isolation

Next

Unix and Linux have always had the chroot() system call. This call was used to trap a process into a sub-directory. After the system-call, the process is led to believe that the sub-directory is now the root directory. This system call can't be reversed. In fact, the only thing a process can do is trap itself further and further in the file-system (calling chroot() again).

The strategy is to introduce new system calls trapping the processes in other areas within the server.

Top Content Up

Next
Table of content
One big HTML document