[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Chrooted packages, where to put them?



** On May 24, Stephen Frost scribbled:

> > and create structure of their own hardlinking the libraries and /etc files
> > from the /var/chroot/ tree (for that to work all of the packages must be on
> > one filesystem). They would run chrooted into their /var/chroot/package/
> > directory. All packages would require the chroot package (e.g. chroot-base).
> > Comments?
> 
> 	This seems very similar to the way I had started setting things up on
> my system.  I actually made a seperate filesystem (/chroot) and stuck bind under
> it (/chroot/bind).  I'm trying to think of problems, and I think we'll want to
> be careful with the hardlinking.  The idea of having something in a chroot jail
> is that if someone breaks into it, they can't affect anything else.  If a
> library is shared between two packages and it can be modified by someone in one
> of the chroot'ed environments, that could affect the other chroot'ed environments.
Yes, there's a theorethical danger of that kind, but I think it's not that
grave as it might seem. The libraries can be protected by immutable bit, for
example, they will definitely be owned by root and the daemons will never
run as root (mostly). It can be made an option to choose whether the
libraries should be hardlinked or copied over to the new chroot jail. The
decision belongs to the package itself.

> 	The way I compiled bind, IIRC, was to statically compile it so as to not
> have it depend on any libraries.  Now, this does take it up from 452k to 1.8M,
> so I can see the desire to avoid that.  This would also require totally seperate
yes, it's a huge memory hog, besides it separates the daemon from the rest
of the distribution <plugin> all the dynalink advantages talk here</plugin>
and isn't quite that necessary.

> packages for everything offered chroot'ed, but then, if something chroot'ed can
> affect something else chroot'ed, there doesn't seem alot of point to having it
> chroot'ed to begin with.
I agree. Therefore such option as I wrote above should exist, no doubt about
that. But the chroot is only one level of separation, the permissions are
another - it is possible to create a secure installation with shared
libraries as well, IMHO...

> 	For the /etc strucuture, I take it we'll only be hardlinking the files
> which are used by a package into that package's /var/chroot/bind/etc dir?  For
> the reason I mentioned above I think we want to avoid hardlinking the actual
> directory.
Not always. Some packages might need /etc/passwd, /etc/nsswitch,
/etc/resolv.conf, /etc/hosts, /etc/hostname and /etc/whatnot - the
chroot-base package should encompass needs of all potential chroot clients -
it's easier to maintain it that way.

marek

Attachment: pgpfwpV8tjJ88.pgp
Description: PGP signature


Reply to: