Ctrlk

Ctrlk

Secure Execution Environments
Introduction
Security in Operating Systems
Virtualization on Intel Processors
Intel Software Guard Extensions
ARM TrustZone
Linux Kernel Namespaces
LXC Linux Containers
- Container
- LXC containers
AppArmor
TPM (Trusted Platform Module)
Bootstrap security

Powered by GitBook

On this page

Security in Operating Systems

Privilege reduction

`chroot` mechanism (or jail)

Used to reduce the visibility of a file system.

Each process descriptor has a root i-node number.
- From which absolute pathname resolution takes place.
chroot changes it to an arbitrary directory.
- The process file system view gets reduced.

Used to protect the file system from potentially problematic applications.

e.g. public servers and downloaded applications.
But it is not bulletproof!

Last updated 1 year ago