| commit | d4e0ced16710e456cd192784ab106091568ebde3 | |
| author | Jeremy Evans <code@jeremyevans.net> | |
| Tue, 21 Feb 2017 16:44:34 +0000 (21 08:44 -0800) | ||
| committer | Eric Wong <e@80x24.org> | |
| Thu, 23 Feb 2017 20:23:33 +0000 (23 20:23 +0000) | ||
| tree | d675f83d8279a17abf0eef4e1c3bf60242c165f4 | treesnapshot (tar.gz zip) |
| parent | c8f06be298d667ba85573668ee916680a258c2c7 | commitdiff |
Add support for chroot to Worker#user
Any chrooting would need to happen inside Worker#user, because
you can't chroot until after you have parsed the list of groups,
and you must chroot before dropping root privileges.
chroot adds an extra layer of security, so that if the unicorn
process is exploited, file system access is limited to the chroot
directory instead of the entire file system.
Any chrooting would need to happen inside Worker#user, because
you can't chroot until after you have parsed the list of groups,
and you must chroot before dropping root privileges.
chroot adds an extra layer of security, so that if the unicorn
process is exploited, file system access is limited to the chroot
directory instead of the entire file system.
| lib/unicorn/worker.rb | diffblobblamehistory |