diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-06-23T04·51-0400 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-06-23T04·51-0400 |
commit | 7ffa523fd15fcd9ab1a0ad85db860f467869946a (patch) | |
tree | bba690bd6f67a671e308d1421f4ce026a5685153 /misc | |
parent | df716c98d203ab64cdf05f9c17fdae565b7daa1c (diff) |
In chroot builds, use a private SysV IPC namespace
This improves isolation a bit further, and it's just one extra flag in the unshare() call. P.S. It would be very cool to use CLONE_NEWPID (to put the builder in a private PID namespace) as well, but that's slightly more risky since having a builder start as PID 1 may cause problems.
Diffstat (limited to 'misc')
0 files changed, 0 insertions, 0 deletions