NEWS: Document /dev bind mountingrelease/schroot-1.4.6 debian/schroot-1.4.6-1

author: Roger Leigh <rleigh@debian.org> 2010-07-05 22:58:51 +0100
committer: Roger Leigh <rleigh@debian.org> 2010-07-05 22:58:51 +0100
commit: 6493ac2987bdf56680c919aa83a3a128a8e6bc12 (patch)
tree: 9d0bc6d6aae8cc79f4526438da9c5aedb09105c0
parent: 9bbf64b843ac366350098f1e6be4f31c62f72e02 (diff)
download: schroot-release/schroot-1.4.6.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c0ac7fe9..aa0aa766 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,13 @@ configuration.
      in stray files being left in the session and mount directories.
      This should no longer occur.
 
+  5) Users should note that by default the entirety of /dev is bind
+     mounted into the chroot environment.  If this has security
+     implications, the "minimal" profile does not mount any of /dev
+     into the chroot and may be a more secure alternative.  For most
+     situations, mounting /dev in the chroot and providing full access
+     to the devices on the host system is perfectly acceptable.
+
 * Major changes in 1.4.5:
 
   1) A new chroot type, "btrfs-snapshot", has been added.  This is
author	Roger Leigh <rleigh@debian.org>	2010-07-05 22:58:51 +0100
committer	Roger Leigh <rleigh@debian.org>	2010-07-05 22:58:51 +0100
commit	6493ac2987bdf56680c919aa83a3a128a8e6bc12 (patch)
tree	9d0bc6d6aae8cc79f4526438da9c5aedb09105c0
parent	9bbf64b843ac366350098f1e6be4f31c62f72e02 (diff)
download	schroot-release/schroot-1.4.6.tar.gz