I think an additional layer of filesystem security could be added using namespaces. That basically means to "isolate" the filesystem to the user directory when an FS operation is performed, so it would be impossible to access outer files at the OS level, similar to how container runtimes like Docker do that. How that can be done specifically is described in this article.
P.S. I have not looked into how the new Ptero filesystem implementation works after the last CVE, so this may not be needed anymore.