lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 01 Sep 2014 21:19:08 +0000 (GMT)
From:	Steven Stewart-Gallus <>
Subject: How is pivot_root intended to be used?


I am not confused about how I can currently use pivot_root for
containers on my kernel (version 3.13). Currently a sequence like:

    if (-1 == syscall(__NR_pivot_root, ".", ".")) {
        return EXIT_FAILURE;

    if (-1 == umount2(".", MNT_DETACH)) {
        return EXIT_FAILURE;

    /* pivot_root() may or may not affect its current working
     * directory.  It is therefore recommended to call chdir("/")
     * immediately after pivot_root().
     * -
    if (-1 == chdir("/")) {
        return EXIT_FAILURE;

works. However, I am completely and totally confused about how the
pivot_root system call is intended to be used here and have absolutely
no idea if this will work in the future. This concerns me because I
don't want my program to potentially develop silent security bugs on
future versions of the Linux kernel.

Some information about the context. I am sandboxing a program just
after it has done a fork, unshared the mount namespace, setup a
sandbox directory and changed into it. If you just want to look at the
code, the actual code is avaliable at

Thank you,
Steven Stewart-Gallus
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists