
Re: chrooting daemons



From: Topi Miettinen <Topi.Miettinen@ml.tele.fi>
> If we had a fexec(int fd,..) [...]
>  I don't know how dynamic libs would be dealt with, though.

Not easily. What I want to do is to have a list that is made into a
filesystem in the chroot environment, but uses the same device/inode pairs
as the underlying files so that it's efficient. This example is for
anonymous FTP:

	/tmp/x12334/ -> /var/tmp (rw)
	/lib/ld.so /lib/ld.so (ro)
	/lib/libc.so.5	/lib/libc.so.5 (ro)
	/bin/gzip /bin/gzip (ro)
	/bin/ls /bin/ls (ro)
	/welcome.msg /home/ftp/welcome.msg (ro)
	/etc/passwd /home/ftp/passwd (ro)
	/etc/group /home/ftp/group (ro)
	/etc/pathmsg /home/ftp/pathmsg (ro)
	/pub /home/ftp/pub (ro)
	/pub/Incoming /home/ftp/pub/Incoming (wo, no-hidden-filenames)

I would send this to the kernel (either using the "mount" command or via
the proc filesystem), and then a filesystem would be synthesized with these
contents, but referring to the device/inode pairs of the underlying files
and directories. This is complicated by the fact that the underlying files
may come from more than one device, but we want to share the inodes. Hard
links are not enough to do this.

Note also that if you import directories, you have to rewrite what ".."
points to, and you'd better make sure the directories don't contain
hard links to files you don't want referenced from the chroot environment.

> That's "ifs" (http://www.funet.fi/pub/Linux/mirrors/tsx-11/ALPHA/ifs/), 
> but it's from 1994. The author, W. Almesberger is still active.

OK. I'll ask Werner what has become of it.

	Thanks

	Bruce
-- 
Can you get your operating system fixed when you need it?
Linux - the supportable operating system. http://www.debian.org/support.html
Bruce Perens K6BP   bruce@debian.org   NEW PHONE NUMBER: 510-620-3502
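
Added example, not part of the original message or of any project it mentions: a Python sketch that parses a listing in the format shown above and checks the two caveats raised, namely whether the underlying files span more than one device (where hard links cannot build the tree) and whether an imported directory holds a file with a hard link outside the imported trees. The line format is inferred from the listing, and the names `parse_manifest`, `audit` and `demo` and the temporary tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed line shape, inferred from the listing in the message:
#   <path in chroot> [->] <underlying path> (<flag>[, <flag>...])
ENTRY = re.compile(r"^\s*(\S+)\s+(?:->\s+)?(\S+)\s+\(([^)]*)\)\s*$")

def parse_manifest(text):
    """Parse the listing into (chroot_path, source_path, flags) tuples."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"unparseable manifest line: {line!r}")
        flags = {f.strip() for f in m.group(3).split(",")}
        entries.append((m.group(1), m.group(2), flags))
    return entries

def audit(entries):
    """Report source devices and imported files that are also linked outside the imported trees."""
    devices, seen = set(), {}  # seen: (dev, ino) -> (nlink, paths found)
    for _, src, _ in entries:
        devices.add(os.stat(src).st_dev)
        if not os.path.isdir(src):
            continue  # single files are exported deliberately; only walk directories
        for root, _dirs, files in os.walk(os.path.realpath(src)):
            for name in files:
                path = os.path.join(root, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                    key = (st.st_dev, st.st_ino)
                    seen.setdefault(key, (st.st_nlink, set()))[1].add(path)
    leaks = sorted(p for n, paths in seen.values() if len(paths) < n for p in paths)
    return {"devices": devices, "spans_devices": len(devices) > 1, "outside_links": leaks}

def demo():
    """Constructed tree: pub/a and pub/b share an inode; pub/leak links to a file outside pub."""
    top = os.path.realpath(tempfile.mkdtemp())
    pub, private = os.path.join(top, "pub"), os.path.join(top, "private")
    for d in (pub, private):
        os.mkdir(d)
    for p in (os.path.join(pub, "a"), os.path.join(private, "secret")):
        with open(p, "w") as fh:
            fh.write("constructed sample\n")
    os.link(os.path.join(pub, "a"), os.path.join(pub, "b"))
    os.link(os.path.join(private, "secret"), os.path.join(pub, "leak"))
    manifest = f"\t/pub {pub} (ro)\n\t/pub/a {pub}/a (ro)\n"
    return audit(parse_manifest(manifest)), os.path.join(pub, "leak")
```

A file whose link count is fully accounted for inside the imported directories (pub/a and pub/b here) is not reported; only inodes with at least one name outside them are.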