[Cialug] CAP_SYS_CHROOT

Todd Walton tdwalton at gmail.com
Wed Mar 9 19:39:21 UTC 2022


On Wed, Mar 9, 2022 at 11:57 AM Shane Nehring <shane at ntoast.com> wrote:

> I think the whole idea behind the capabilities is granular permissions
> control, with the idea that you give an application the absolute least
> permissions it needs to run and nothing more, ideally to reduce your attack
> surface.
>

So maybe the intent is to allow one to cut off a code path if it's not
needed, and not necessarily to limit access to chrooting per se? That would
make sense.

--
Todd Walton
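
The point discussed in this thread, shown as an added example that is not part of the original messages: a Linux process that clears CAP_SYS_CHROOT from its own capability sets gets EPERM from chroot(2), even when it runs as root. It uses the raw capget(2)/capset(2) syscalls so it needs no libcap; the function names are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* CAP_SYS_CHROOT is below 32, so it lives in the first 32-bit word (index 0). */
#define SYS_CHROOT_MASK (1u << CAP_SYS_CHROOT)

/* Read the calling thread's capability sets with the raw capget(2) syscall. */
static int get_caps(struct __user_cap_data_struct d[2])
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}

/* 1 if CAP_SYS_CHROOT is in the effective set, 0 if not, -1 on error. */
int has_sys_chroot(void)
{
    struct __user_cap_data_struct d[2];
    if (get_caps(d) != 0) return -1;
    return (d[0].effective & SYS_CHROOT_MASK) != 0;
}

/* Clear CAP_SYS_CHROOT from all three sets; lowering them needs no privilege. */
int drop_sys_chroot(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (get_caps(d) != 0) return -1;
    d[0].effective   &= ~SYS_CHROOT_MASK;
    d[0].permitted   &= ~SYS_CHROOT_MASK;
    d[0].inheritable &= ~SYS_CHROOT_MASK;
    return (int)syscall(SYS_capset, &h, d);
}

/* Call chroot("/"), which changes nothing on success; return 0 or the errno. */
int try_chroot(void)
{
    return chroot("/") == 0 ? 0 : errno;
}

int main(void)
{
    printf("before drop: has=%d chroot: %s\n", has_sys_chroot(), strerror(try_chroot()));
    if (drop_sys_chroot() != 0) { perror("capset"); return 1; }
    printf("after drop:  has=%d chroot: %s\n", has_sys_chroot(), strerror(try_chroot()));
    return 0;
}
```

Run as root, the first line reports success and the second reports "Operation not permitted"; run unprivileged, both lines report the denial because the capability was never held.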

