diff options
author | Colin Walters <walters@verbum.org> | 2015-09-01 14:28:56 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-09-01 14:28:56 -0400 |
commit | 032e952b05567db521a57d755cafe52728f47e05 (patch) | |
tree | 1f503998f14dc401befca1ed0c902ec533f1d0ba | |
parent | add404693b04c56dda2f33398390a6f20263f87c (diff) | |
download | linux-user-chroot-032e952b05567db521a57d755cafe52728f47e05.tar.gz |
docs: Update to note we do containers, but are mainly for build systems
-rw-r--r-- | doc/linux-user-chroot.8 | 3 | ||||
-rw-r--r-- | src/linux-user-chroot.c | 14 |
2 files changed, 10 insertions, 7 deletions
diff --git a/doc/linux-user-chroot.8 b/doc/linux-user-chroot.8 index 20e61e5..1b64d50 100644 --- a/doc/linux-user-chroot.8 +++ b/doc/linux-user-chroot.8 @@ -32,7 +32,8 @@ linux\-user\-chroot \- safely allow normal users to chroot .IR ARGS... .SH DESCRIPTION .B linux\-user\-chroot -is a tool meant for building software in a clean environment. +is a setuid program that allows non-root users to safely use some Linux +kernel container features. It is primarily intended for use by build systems. The user needs to create a directory tree with the build dependencies needed, and only those, and then diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c index e3f4d75..87d85b0 100644 --- a/src/linux-user-chroot.c +++ b/src/linux-user-chroot.c @@ -1,12 +1,14 @@ /* -*- mode: c; tab-width: 2; indent-tabs-mode: nil -*- * - * linux-user-chroot: A setuid program that allows non-root users to safely chroot(2) + * linux-user-chroot: A setuid program for non-root users to safely create containers * - * "safely": I believe that this program, when deployed as setuid on a - * typical "distribution" such as RHEL or Debian, does not, even when - * used in combination with typical software installed on that - * distribution, allow privilege escalation. See the README for more - * details. + * This program is primarily intended for use by build systems. + * + * Let me elaborate on "safely": I believe that this program, when + * deployed as setuid on a typical "distribution" such as RHEL or + * Debian, does not, even when used in combination with typical + * software installed on that distribution, allow privilege + * escalation. See the README for more details. * * Copyright 2011,2012,2015 Colin Walters <walters@verbum.org> * |