WRT chrooting certain applications - wouldn't it make sense to mandate one consistent way for the user to do this if the package supports it? That way, chrooting daemons is much more user-friendly, which in turn will (hopefully) lead to more people doing it.

One idea: In a configuration file, the user lists those daemons he wants to run chrooted. init.d scripts that support it read this information and act on it, copying the required files to a chroot before starting the daemon there. (The config file should probably not be read directly, instead the init.d script should call a small query script. That way, file format changes are possible.)

Furthermore, IMHO init.d scripts that support chrooting should clearly print "[chrooted]" or "[non-chrooted]" in their startup message, both to make the user aware that chrooting is possible, and to make it clear whether it takes place.

So:
- If I were to put together a "chroot-helper" package, would people be interested in using it for their package?
- Any chance of getting a recommendation for this into policy?

Cheers,

  Richard

--
  __   _
  |_) /|  Richard Atterer     |  CS student at the Technische  |  GnuPG key:
  | \/¯|  http://atterer.net  |  Universität München, Germany  |  0x888354F7
  ¯ ´` ¯
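The query-script mechanism proposed in the mail above, sketched as an added example (it is not part of the original mail and not code from any existing package). The config path, the one-name-per-line file format and the function names are assumptions; the chroot setup and daemon launch themselves are left out.

```shell
#!/bin/sh
# Hypothetical config file (assumption): one daemon name per line,
# '#' starts a comment, blank lines are ignored.
CHROOT_CONF="${CHROOT_CONF:-/etc/chroot-helper.conf}"

# Query helper: returns 0 if daemon $1 is listed for chrooting, 1 otherwise.
# init.d scripts call this instead of parsing the file themselves, so the
# file format can change without touching every init.d script.
chroot_wanted() {
    daemon="$1"
    # Reject empty names and anything that is not a plain package-style name.
    case "$daemon" in
        ''|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    # Missing or unreadable config: nothing is chrooted.
    [ -r "$CHROOT_CONF" ] || return 1
    # Strip comments and surrounding whitespace, then require an exact
    # whole-line match so that "ntp" does not match an "ntpd" entry.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        "$CHROOT_CONF" | grep -Fxq -e "$daemon"
}

# Tag for the startup message, as the mail suggests.
chroot_tag() {
    if chroot_wanted "$1"; then
        echo "[chrooted]"
    else
        echo "[non-chrooted]"
    fi
}

# What the start action of an init.d script would print.
startup_message() {
    echo "Starting $1: $(chroot_tag "$1")"
}

# Demo run on a constructed sample config.
demo_conf="$(mktemp)"
printf '%s\n' '# daemons to run chrooted' 'named' \
    '  ntpd   # time server' '#sshd' > "$demo_conf"
CHROOT_CONF="$demo_conf"
for d in named ntpd sshd ntp; do
    startup_message "$d"
done
rm -f "$demo_conf"
```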