tech-userlevel archive


Re: simple chroot environment rc.d script



On Thu, Aug 23, 2012 at 02:47:30PM +0200, iMil wrote:
> 
> Hi,
> 
> /etc/rc.subr knows how to handle a chrooted service, but nothing is
> available yet to build a basic chrooted environment.

The built environment is much more dangerous than it needs to be, if
you're going to use null mounts.  The most obvious issue is that a 
full copy of /dev is provided to the application, when what you really
want to do is ensure the application has only the device nodes it
needs, on a read-only filesystem, and everything else accessible to
it mounted "nodev".

Thor
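
The check described in the reply above, as an added example that is not part of the original thread: a shell function that reads mount(8)-style lines and flags mounts under a chroot that lack "nodev", plus a device directory that is writable or a null mount of the whole host /dev. The chroot path /var/chroot/svc, the function names and the sample lines are constructed, and the assumed line format is "source on mountpoint type fstype (options)".

```sh
#!/bin/sh
# Added example: audit the mounts that make up a chroot.
# Assumed input format, one mount per line:
#   <source> on <mountpoint> type <fstype> (<opt>, <opt>, ...)

audit_chroot_mounts() {
    # $1 = chroot root directory; mount lines are read from stdin
    awk -v root="$1" '
    {
        on = 0
        for (i = 1; i <= NF; i++) if ($i == "on") { on = i; break }
        if (!on) next
        mp = $(on + 1)
        # only look at mounts at or below the chroot root
        if (mp != root && index(mp, root "/") != 1) next
        opts = ""
        if (match($0, /\(.*\)$/)) opts = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(opts, o, /, */)
        nodev = 0; ro = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "nodev") nodev = 1
            if (o[i] == "read-only") ro = 1
        }
        if (mp == root "/dev") {
            # the one place device nodes are expected: must be read-only
            if (!ro) print "WARN " mp ": device directory is writable"
            if ($1 == "/dev") print "WARN " mp ": full host /dev exposed"
        } else if (!nodev) {
            print "WARN " mp ": missing nodev"
        }
    }'
}

# Constructed sample input (hypothetical chroot at /var/chroot/svc)
sample_mounts() {
    cat <<'EOF'
/dev/wd0a on / type ffs (local)
/bin on /var/chroot/svc/bin type null (read-only, local)
/lib on /var/chroot/svc/lib type null (read-only, nodev, local)
/dev on /var/chroot/svc/dev type null (local)
EOF
}

sample_mounts | audit_chroot_mounts /var/chroot/svc
```

On a live system the input would be the output of `mount` instead of the sample; a chroot whose dev directory is not a separate mount is not visible to this check.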

