chroot breakout (was: Xen 2.0 Virtual Machine)
David Nicol
davidnicol at gmail.com
Mon Nov 8 12:04:43 CST 2004
Calling chroot requires superuser priv. I imagine, without a whole
lot of basis, that the extended priv systems (SELinux, etc.) can
abstract chroot rights to a more restricted credential.
SELinux strikes me as a magic trick -- by redefining the security policy,
user ID zero no longer means superuser. Something else means superuser
instead.
For finding out if a kernel will work with your hardware, there really is no
substitute for trying it on a second machine with the same hardware.
--
David L Nicol
"How cool is that?" -- Elgie