Reading up on VServer (Hopped up chroot jail, basically...)


Since VServer appears to be going in (somehow, for some period of time) I spent quite a bit of time while not emailing today reading up on the technology. It's basically some capability bits and a somewhat improved chroot implementation, AFAICS.

The most disturbing issue VServer seems to address is a trivial escape for getting out of a chroot: you open a file, chroot to a directory below that file, and then use fchdir on the file descriptor to move to the parent directories (outside the original root).

It also seems to be saying it has a fix for the mknod stuff (via a capability-based restriction) which is a chroot problem I already knew about. I don't know what to make of the approach, given the seemingly rather poor view of its applicability by a number of implementers.

Anyway, I spent far too long on OLPC today and only wound up getting 1.75 hours on billable projects logged. That doesn't even come close to meeting payroll... sigh. Also haven't finished the taxes yet. Need to do that tomorrow I suppose if I'm going to get it in before month's end.
