NEWS: Document /dev bind mounting

author: Roger Leigh <rleigh@debian.org> 2010-07-05 22:58:51 +0100
committer: Roger Leigh <rleigh@debian.org> 2010-07-11 20:55:41 +0100
commit: b809652b2565e40d3509e68ab2642b2bc7fd1fb3 (patch)
tree: af82fff3ff70dfd511dab2340a15852a344e7445
parent: 7c56db33e989fb91710f59fdfdbcf9804640864a (diff)
download: schroot-b809652b2565e40d3509e68ab2642b2bc7fd1fb3.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index d3b0ef96..75796ba6 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,13 @@ configuration.
      in stray files being left in the session and mount directories.
      This should no longer occur.
 
+  5) Users should note that by default the entirety of /dev is bind
+     mounted into the chroot environment.  If this has security
+     implications, the "minimal" profile does not mount any of /dev
+     into the chroot and may be a more secure alternative.  For most
+     situations, mounting /dev in the chroot and providing full access
+     to the devices on the host system is perfectly acceptable.
+
 * Major changes in 1.4.5:
 
   1) A new chroot type, "btrfs-snapshot", has been added.  This is
author	Roger Leigh <rleigh@debian.org>	2010-07-05 22:58:51 +0100
committer	Roger Leigh <rleigh@debian.org>	2010-07-11 20:55:41 +0100
commit	b809652b2565e40d3509e68ab2642b2bc7fd1fb3 (patch)
tree	af82fff3ff70dfd511dab2340a15852a344e7445
parent	7c56db33e989fb91710f59fdfdbcf9804640864a (diff)
download	schroot-b809652b2565e40d3509e68ab2642b2bc7fd1fb3.tar.gz