diff options
| author | Jeremy Evans <code@jeremyevans.net> | 2017-02-21 08:44:34 -0800 |
|---|---|---|
| committer | Eric Wong <e@80x24.org> | 2017-02-23 20:23:33 +0000 |
| commit | d4e0ced16710e456cd192784ab106091568ebde3 (patch) | |
| tree | d675f83d8279a17abf0eef4e1c3bf60242c165f4 /setup.rb | |
| parent | c8f06be298d667ba85573668ee916680a258c2c7 (diff) | |
| download | unicorn-d4e0ced16710e456cd192784ab106091568ebde3.tar.gz | |
Any chrooting would need to happen inside Worker#user, because you can't chroot until after you have parsed the list of groups, and you must chroot before dropping root privileges. chroot adds an extra layer of security, so that if the unicorn process is exploited, file system access is limited to the chroot directory instead of the entire file system.
Diffstat (limited to 'setup.rb')
0 files changed, 0 insertions, 0 deletions