Complete chroot environment?

kalinix calin.kalinix.cosma at gmail.com
Fri Dec 28 11:18:35 UTC 2007


On Thu, 2007-12-27 at 21:43 +0900, John Summerfield wrote:
> Tom Horsley wrote:
> > I've been experimenting with chroot to switch to an
> > alternate root partition and "do stuff" without
> > actually having to reboot to that alternate OS.
> > 
> > I see that none of the special filesystems seem to
> > be created as part of the ordinary chroot command, yet
> > things like the bind-chroot rpm does manage to create
> > a more complete environment for named to run in
> > (with populated /dev and /proc and wot-not).
> > 
> > Is there a handy tool somewhere to duplicate all the
> > special filesystems in a chroot environment?
> > 
> > Or should I just look at bind-chroot in more detail
> > and steal what it does?
> > 
> The general idea of chroot is to provide a slightly more secure 
> environment than the base system.
> 

Actually the general idea of chroot is to provide the base system with an
extra layer of security. E.g. chrooted bind: if one succeeds in
compromising bind, one cannot compromise the base system once he is isolated
in the chrooted environment.
Of course, there are ways to surpass chroot as well, but this is an
entirely different story.


> bind-chroot has what it needs; ordinarily one doesn't want devices in 
> the chroot environment (a few exceptions such as /dev/{null,zero} are 
> needed, but certainly not /dev/sda).
> 
> I would contemplate an alternative approach such as using xen or, if h/w 
> virtualisation is available, kvm.
> 
> -- 
> 
> Cheers
> John
> 
> -- Advice
> http://webfoot.com/advice/email.top.php
> http://www.catb.org/~esr/faqs/smart-questions.html
> http://support.microsoft.com/kb/555375
> 
> You cannot reply off-list:-)
> 

OTOH, you may want to look at jailkit
(http://olivier.sessink.nl/jailkit/) or even LFS
(http://www.linuxfromscratch.org/) if you want to play around with
chroot.


HTH,



Calin

=================================================
Men take only their needs into consideration -- never their abilities.
-- Napoleon Bonaparte
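
An added example, not part of the original message: a small audit that walks a chroot tree and reports device nodes other than the /dev/null and /dev/zero exceptions mentioned in the quoted reply. The function names are hypothetical, and the allowlist assumes Linux device numbers (null is 1:3, zero is 1:5).

```python
import os
import stat
import sys

# Assumption: Linux device numbers. Character devices tolerated inside the
# chroot, keyed by (major, minor): /dev/null is 1:3 and /dev/zero is 1:5.
ALLOWED_CHAR_DEVICES = {(1, 3): "null", (1, 5): "zero"}


def classify(mode, rdev):
    """Return None if a node is acceptable in a chroot, else a reason string."""
    if stat.S_ISBLK(mode):
        # A block device such as /dev/sda gives raw disk access from inside
        # the chroot, which defeats the isolation.
        return "block device %d:%d" % (os.major(rdev), os.minor(rdev))
    if stat.S_ISCHR(mode):
        key = (os.major(rdev), os.minor(rdev))
        if key not in ALLOWED_CHAR_DEVICES:
            return "unexpected character device %d:%d" % key
    return None


def audit_chroot(root):
    """Walk the tree without following symlinks; return sorted (path, reason)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the node itself, not a link target
            except OSError as exc:
                findings.append((path, "unreadable: %s" % exc.strerror))
                continue
            reason = classify(st.st_mode, st.st_rdev)
            if reason:
                findings.append((path, reason))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_chroot.py CHROOT_DIR")
    results = audit_chroot(sys.argv[1])
    for path, reason in results:
        print("%s: %s" % (path, reason))
    sys.exit(1 if results else 0)
```

If a full /dev has been bind-mounted into the chroot, every node in it is reported, which is the condition the audit is meant to surface.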



