Re: staying in stable but compiling for sid
Hi,
Romain Beauxis <toots@rastageeks.org> wrote:
> Well, if it's only meant for using the application in your current X server,
> you simply have to bind mount the /tmp directory in the chroot:
> mount -t none -o bind /tmp /path/to/chroot/tmp
>
> I think it's enough to get the chroot to use the X server with UNIX sockets..
>
> Of course if you don't have the same users in the chroot, you may also
> xhost +
> to allow other users..
> Et voila !
Even with the same user, it's not enough. You need to import the
MIT-MAGIC-COOKIES in the chroot if you want to avoid the 'xhost +'
security hole.
The advantage of this solution is that it's probably faster than TCP
connections to localhost. The main disadvantage is that /tmp is no
longer isolated in the chroot. Programs in the chroot are fiddling with
your normal /tmp. To avoid that, it's probably enough to mount --bind
only /tmp/.X11-unix, instead of the whole /tmp. I didn't try it, though.
--
Florent
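
The two suggestions in the message above (bind-mount only /tmp/.X11-unix, and import the MIT-MAGIC-COOKIE instead of running 'xhost +'), combined in one script. This is an added example, not part of the original message; the chroot path and the home directory inside it are hypothetical arguments supplied by the caller, and DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. The chroot path and the home directory
# inside it are caller-supplied assumptions. Run as root (mount needs it) with
# XAUTHORITY pointing at the desktop user's cookie file.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Reads `xhost` output on stdin; succeeds if 'xhost +' is in effect.
access_control_disabled() {
    grep -q '^access control disabled'
}

# share_x11 CHROOT HOME_IN_CHROOT [DISPLAY]
share_x11() {
    chroot_dir=$1
    xauth_file=$1$2/.Xauthority
    display=${3:-${DISPLAY:-:0}}
    sock=/tmp/.X11-unix

    # Expose only the X socket directory, not the host's whole /tmp.
    run mkdir -p "$chroot_dir$sock"
    run mount --bind "$sock" "$chroot_dir$sock"

    # Copy the MIT-MAGIC-COOKIE for this display into the chroot user's file.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "xauth extract - $display | xauth -f $xauth_file merge -"
        return 0
    fi
    xauth extract - "$display" | xauth -f "$xauth_file" merge -
    chown --reference="$1$2" "$xauth_file"   # GNU chown: match the home dir owner
    chmod 600 "$xauth_file"

    # The cookie makes 'xhost +' unnecessary; flag it if it is still on.
    if DISPLAY=$display xhost | access_control_disabled; then
        echo "warning: X access control is disabled; re-enable with 'xhost -'" >&2
    fi
}

if [ "$#" -ge 2 ]; then share_x11 "$@"; fi
```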