[ale] chroot-ed bind

Stephen Pellicer spellicer at 8thlayer.net
Wed Mar 28 23:42:10 EST 2001


On 28 Mar 2001 20:01:08 -0500, David Corbin wrote:
>       1) what files/directories are really required?  
>       2) is there a standard place in the filesystem to put "chroot-ed"
> filesystems?
>       3) would it be a very bad idea to create the chroot-ed system by having
> hard-links to the "same" files/directories in the real file system?
>       4) any other warnings/suggestions or caveats?


Here's a link I found off the bind website that someone put together on
running bind chroot. http://www.psionic.com/papers/dns/dns-linux I can't
vouch for how good it is since I just perused it. I would not run with
hard links of duplicate files to your main file system. While they
couldn't delete your real files, they could modify them. If they are
links, they point to the same data so modification of the linked file
would "pass through" to your main system if it's used somewhere else. I
also like the article's suggestion of a static build to cut down on
necessary libraries. A separate partition would be beneficial so that
filling your chroot'ed environment doesn't adversely affect the rest of
your system, but since you'll probably be logging to your system log,
that's still a possibility of filling that part of your disk.

Stephen
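
Added example, not part of Stephen's message: a Python sketch of the hard-link point above, showing that a write through the jail's name changes the host's file while deleting the link does not, plus an audit that flags jail files whose inode also has a name outside the jail. The function names, file names and temp-directory layout are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile
from collections import defaultdict


def links_escaping_jail(jail):
    """Return jail files whose inode also has a name outside the jail.

    st_nlink above the count of names seen inside the jail means another
    hard link to the same data exists elsewhere on the filesystem."""
    names = defaultdict(list)  # (device, inode) -> paths inside the jail
    nlink = {}
    for root, _dirs, files in os.walk(jail):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, device nodes
            key = (st.st_dev, st.st_ino)
            names[key].append(path)
            nlink[key] = st.st_nlink
    return sorted(p for key, paths in names.items()
                  if nlink[key] > len(paths) for p in paths)


def demo():
    """Constructed layout in a temp dir: one host file, one jail."""
    with tempfile.TemporaryDirectory() as top:
        host = os.path.join(top, "host_named.conf")  # stands in for a real file
        jail = os.path.join(top, "jail")
        os.makedirs(os.path.join(jail, "etc"))
        linked = os.path.join(jail, "etc", "named.conf")
        with open(host, "w") as f:
            f.write("original\n")
        os.link(host, linked)         # hard link: same inode as the host file
        shutil.copy(host, os.path.join(jail, "etc", "copied.conf"))  # own inode
        with open(linked, "a") as f:  # a write made through the jail's name
            f.write("changed in jail\n")
        flagged = [os.path.relpath(p, jail) for p in links_escaping_jail(jail)]
        os.unlink(linked)             # deleting the link leaves the host file
        with open(host) as f:
            return f.read(), flagged


if __name__ == "__main__":
    print(demo())
```

Run against a real jail directory, links_escaping_jail() returning an empty list means every regular file in the jail is either a private copy or linked only within the jail.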