Re: sandboxie like application for Debian?



On Monday 14 February 2011 05:43:21 erikmccaskey64 wrote:
> To be specific: The user could launch a program [e.g.: Google Chrome]
> inside this sandbox, and when he/she exits Google Chrome, all the changes
> that Google Chrome did is "undoed". + Google Chrome is in a sandbox, so it
> can't "see"/read the files of the user!

schroot configured not to (bind) mount /home inside the chroot using one of 
the session-enabled chroot types (e.g. lvm-snapshot) that support the source 
chroot options.

When using one of the "source chroot" types, each session is normally a clone 
of the source.  It can be modified, but it is thrown away when the session 
ends, so modifications don't "stick".

debootstrap can be good for building the initial chroot.  Assuming you don't just 
want it to be a snapshot of the host system, which I think is only possible 
with lvm or btrfs.

If you aren't already using btrfs or lvm, a block device, loopback, or even 
directory type can work if you specify the union chroot options, I think.

YMMV, I currently only use schroot to run the 32-bit (only) ICAClient for 
work.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
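
The setup described in the message above, sketched as a configuration. This is an added example, not part of the original post. It assumes schroot 1.6 or later (for the `setup.fstab` key); the chroot name, volume group, logical volume, user name and file paths are placeholders.

```ini
# /etc/schroot/chroot.d/sandbox.conf  (constructed example; names are placeholders)

[sandbox]
description=Throwaway session chroot without /home
# Session-enabled type: each session runs on a fresh LVM snapshot of the
# source volume, and the snapshot is removed when the session ends.
type=lvm-snapshot
# Logical volume that holds the root filesystem built with debootstrap.
device=/dev/vg0/sandbox_root
# Copy-on-write space available to a single session.
lvm-snapshot-options=--size 2G
# Account allowed to start sessions. No root-users are listed, so this
# account runs inside the chroot as itself, not as root.
users=alice
# source-users and source-root-users are left unset, so "alice" cannot
# enter the source volume, where changes would persist across sessions.
# Replace the default mount table, which bind-mounts the host's /home.
# The path is relative to /etc/schroot.
setup.fstab=sandbox/fstab

# /etc/schroot/sandbox/fstab is a separate file, shown here as comments.
# It is the default profile's fstab with the /home line left out:
#
#   /proc     /proc     none  rw,bind  0 0
#   /sys      /sys      none  rw,bind  0 0
#   /dev      /dev      none  rw,bind  0 0
#   /dev/pts  /dev/pts  none  rw,bind  0 0
#   /tmp      /tmp      none  rw,bind  0 0
#
# Omitted on purpose:
#   /home     /home     none  rw,bind  0 0
#
# The /tmp line still shares the host's /tmp with every session; drop it
# too if the sandboxed program does not need it.
```

With this in place, `schroot -c sandbox -- <command>` starts a session, runs the command and discards the snapshot when the command exits.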
