[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LIDS vers. chroot



Hi,

> Benjamin Schuele wrote:
> 
> I would like to initiate a discussion about LIDS and chroot to setup a
> secure server.

i prefer the solution to use chroot _with_ LIDS.
Make everything you would do without chroot and chroot the process (e.g.
bind, apache, etc.).
Remove the CAP_SYS_CHROOT from _every_ binary within the chroot, only
programs outside the chroot should have them.

Well, i think the solution depends on you paranoia level ;)

Regards,
Ralf Dreibrodt

-- 
Mesos            Telefon 49 221 4855798-1
Eupener Str. 150 Fax     49 221 4855798-9
50933 Koeln      Mail    rd@mesos.de



Reply to: