Re: can chroot be made safe for non-root?

Ville Herva (vherva@niksula.hut.fi)
Tue, 22 Oct 2002 10:21:32 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Elladan: "Re: [PATCH] linux-2.5.43_vsyscall_A0"
Previous message: george anzinger: "Re: Son of crunch time: the list v1.2."
In reply to: Alan Cox: "Re: can chroot be made safe for non-root?"

On Mon, Oct 21, 2002 at 04:22:12PM +0100, you [Alan Cox] wrote:
> On Wed, 2002-10-16 at 07:44, Philippe Troin wrote:
> > > Is there a reason besides standards compliance that chroot() does not
> > > already change directory to the chroot'd directory for root processes?
> > > Would it actually break existing apps if it did change the directory?
> >
> > Probably not. Make that: change the directory to chroot'd directory if
> > the current working directory is outside the chroot. That is, leave
> > the cwd alone if it is already inside the chroot.
>
> Last time it was tried real apps broke.
>
> chroot is not jail chroot is not a sandbox. Do the job right (eg the
> vroot work) and it'll get a lot further

vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc) seems to work
pretty decently. It's somewhat similar to bsd's jail.

-- v --

v@iki.fi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Elladan: "Re: [PATCH] linux-2.5.43_vsyscall_A0"
Previous message: george anzinger: "Re: Son of crunch time: the list v1.2."
In reply to: Alan Cox: "Re: can chroot be made safe for non-root?"