Re: chroot sockets (was: Introducing the hardening-wrapper package)

olafBuddenhagen@gmx.net, on Thu 02 Jun 2011 04:13:34 +0200, wrote:
> On Tue, May 31, 2011 at 09:35:32AM +0200, Samuel Thibault wrote:
> > You just need another partition, run debootstrap in it, and chroot
> > into it. You'll need to firmlink servers/socket/{1,2} from the root to
> > get named pipes and network sockets working.
> Err... What's the use of sharing the pipe server between chroot and main
> system?

So that named pipes can actually work. /tmp and /var/run and things like
that also need to be firmlinked. Else the rendez-vous between pflocal
and libc doesn't work.


