
Re: chroot sockets (was: Introducing the hardening-wrapper package)



Chroot isn't supposed to change the namespace of Unix domain sockets in the case where the chroot shares a file with the main system.

On Jun 2, 2011 6:56 PM, <olafBuddenhagen@gmx.net> wrote:
> Hi,
>
> On Tue, May 31, 2011 at 09:35:32AM +0200, Samuel Thibault wrote:
>
>> You just need another partition, run debootstrap in it, and chroot
>> into it. You'll need to firmlink servers/socket/{1,2} from the root to
>> get named pipes and network sockets working.
>
> Err... What's the use of sharing the pipe server between chroot and main
> system?
>
> For the network stack, it certainly does make sense to share the server
> -- though in many situations it might be preferable to use an extra
> pfinet instance too. (With different IP address of course...)
>
> -antrik-
>
>
> --
> To UNSUBSCRIBE, email to debian-hurd-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110602021330.GA318@alien.local
>
