chroot

Traditional sandbox first appeared in Unix in 1979, BSD shortly afterwards.

changes the meaning of "/" for a process (and its children). chroot("/tmp/jail")will disallow processes from getting out of the jail. And used to be the de-facto sandboxing utility

root 밖으로 벗어날 수 없음 일반적으로

하지만 escape_chroot.c 같은 파일로 탈옥가능

탈옥했다는 거는 real root를 취득했다는 말

chroot pitfalls: previously open resources

Neither of the effects of chroot() do anything to previously-open resources.

docker image chroot

Google Cloud metrics | Cloud Monitoring

"type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }] Cloud Monitoring supports the metric types from Google Cloud services listed on this page.

http://cloud.google.com/monitoring/api/metrics_gcp#gcp-run

chroot

chroot pitfalls: previously open resources

docker image chroot

Recommendations