Diffstat (limited to 'README.md')
-rw-r--r-- README.md 51
1 files changed, 51 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b456289
--- /dev/null
+++ b/README.md
@@ -0,0 +1,51 @@
+uroot (User's root)
+===================
+Tool that uses Linux namespaces and resource separation to provide root like
+functionality even under unprivileged user on Linux systems. This is more commonly
+known as unprivileged containers. Difference between this project and full fledge
+containerization solution is that this tools tries to provide less separation to
+allow more versatile uses. See example usages if you are not sure what this can
+do. There is also section with limitations stating what you can't do with this
+tool.
+
+In general this tools allows you to imaginary become root. This has a lot of use
+cases outside of just creating full containers. You can use it to control some bad
+behaving program without fully separating it from host system.
+
+System setup
+------------
+TODO (describe shadow requirements)
+
+Limitations of this tools
+-------------------------
+This tool is not perfect as well as technology it uses is not perfect. There can
+be bugs and there are for sure unimplemented features. This section provides you
+with information about some known problems that we are unable to solve because of
+limitations of used technology. Please check this list before you report problem
+or even before you use tool it self.
+
+### Block devices are no go
+Unfortunately current implementation of namespaces, primarily mount points
+unshare, does not support usage of block devices subsystem. That is kernel
+subsystem handling access to storage devices. Most of kernel file system drivers
+are implemented on top of block devices and because of that non of those file
+systems can be used. This means that you can modify (mount) only already mounted
+file systems or system file systems such as tmpfs or procfs. Allowing user access
+to `/dev` device is not enough to fix this issue. This also means that you are not
+able to use FUSE file systems.
+
+Example usages
+--------------
+On top of making you look cool that you are able to get root on system you should
+not (those hacking skills) this tool also have some real live uses. Some of them
+can be clear cut but some usages might not be immediately clear. That is the main
+reason why this section exists. It also should give you hints to common traps.
+
+### chroot
+TODO
+
+### Single killable process
+TODO
+
+### Network isolation
+TODO
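Review bot: The intro tells readers to "See example usages if you are not sure what this can do", but all three subsections under "Example usages" (chroot, Single killable process, Network isolation) are TODO, and "System setup" is also just "TODO (describe shadow requirements)", so the README as committed gives no way to install or run the tool. Either fill in at least the setup section and one example before merging, or drop the pointer in the intro until they exist. The intro also says the tool lets you "imaginary become root" without saying what that root is limited to on the host; the only limit documented is block devices, so a sentence near the top stating that the privileges apply only inside the namespaces would keep readers from over-trusting it as an isolation boundary. Wording nits in the same hunk: "Limitations of this tools" and "this tools" should be "this tool", "non of those" should be "none of those", "tool it self" should be "the tool itself", "full fledge" should be "full-fledged", and "real live uses" should be "real-life uses".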