Re: openssh-server's default config is dangerous
>> I often need something like this when running inside a chroot and
>> always have trouble finding the clean&easy way to do it
> Here's one example that mk-sbuild uses:
> (jessie-amd64)$ cat /usr/sbin/policy-rc.d
> #!/bin/sh
> while true; do
> case "$1" in
> -*) shift ;;
> makedev) exit 0;;
> x11-common) exit 0;;
> *) exit 101;;
> esac
> done
Pretty far from my ideal of having some boolean setting under /etc somewhere.
> In this particular case, the issue isn't dpkg, but the package
> maintainer scripts. Those all operate using invoke-rc.d, and are
> blissfully unaware of whether they are operating inside of a chroot or
> outside. [Indeed, there's no reliable way of identifying whether you're
> actually in a chroot or not unless you're root and can compare your root
> to init's root.]
It's actually worse: in some of my chroots (such as LilDebi's) I do want
daemons to be started&stopped, while in others (typically when I mount
some external disk that holds some other machine's (broken) root
filesystem, in order to fix it) I don't.
So even if we could reliably identify that we're in a chroot jail, it
wouldn't tell us whether daemons should be started/stopped.
Stefan
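
An added example, not part of the original message and not mk-sbuild's or Debian's own code: a policy-rc.d whose decision comes from a boolean file inside each root, so a LilDebi-style chroot can allow daemon actions while a mounted rescue root forbids them. The flag path /etc/daemon-policy and its "yes"/"no" contents are assumptions made for this sketch; the exit codes 0, 101 and 103 are the ones invoke-rc.d defines for policy-rc.d.

```shell
#!/bin/sh
# Hypothetical per-root switch; this path is an assumption, not a Debian convention.
FLAG_FILE="${FLAG_FILE:-/etc/daemon-policy}"

# policy_decision FLAG_FILE [policy-rc.d arguments...]
# Returns the status invoke-rc.d expects from policy-rc.d:
#   0   action allowed
#   101 action forbidden by policy
#   103 syntax error (no initscript ID given)
policy_decision() {
    flag=$1
    shift
    # Skip option arguments such as --quiet, as the mk-sbuild script does.
    while [ $# -gt 0 ]; do
        case "$1" in
            -*) shift ;;
            *)  break ;;
        esac
    done
    # After the options, invoke-rc.d passes the initscript ID and the action.
    [ $# -ge 1 ] || return 103
    # Fail closed: a root without a readable flag never gets daemons touched.
    [ -r "$flag" ] || return 101
    value=
    read -r value < "$flag" || true   # tolerate a missing trailing newline
    case "$value" in
        yes|true|1) return 0 ;;
        *)          return 101 ;;
    esac
}

# Act as policy-rc.d only when installed under that name, so the function
# can also be sourced and exercised on its own.
case "${0##*/}" in
    policy-rc.d)
        policy_decision "$FLAG_FILE" "$@"
        exit $?
        ;;
esac
```

Installed as /usr/sbin/policy-rc.d inside a root, the behaviour is then switched by writing "yes" or "no" to that root's flag file; a root with no flag file is treated as "no".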