![]() and the user shouldn't be able to escape it. However, you can launch WSL directly into this jail with something like: wsl -u root -e sh -c "cd /newroot exec /usr/sbin/chroot /newroot/" su - username ![]() Ultimately I do believe you'll have to create a chroot jail. However, even with automounting turned off, if I recall correctly, the Windows drives can still be manually mounted since that functionality is provided by the WSL /init. That at least prevents the root user from being able "restart" the WSL instance. That said, I'd definitely start with a /etc/wsl.conf that includes: ĭisabling interop will be important for preventing a root user from calling the wsl.exe command from inside WSL. The mechanism for disabling automounting and interop is through the /etc/wsl.conf file, but, of course someone with root access to the WSL instance can still edit that and undo your changes. WSL really is designed for Windows/Linux interop. Completely turning off the ability for root to get access to the Windowsĭrives might be a bit tough.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |