From: Goetz Bock <bock@blacknet.de>
To: User-mode-linux-devel@lists.sourceforge.net
Subject: Re: [uml-devel] filemap feature 2.4.22-5um
Date: Sat, 18 Oct 2003 23:57:45 +0200
Message-ID: <20031018215745.GK441@shell.blacknet.de>
In-Reply-To: <Pine.LNX.4.44.0310181435400.30746-100000@filer.marasystems.com>
On Sat, Oct 18 '03 at 14:37, Henrik Nordstrom wrote:
> > It would be nice if a chroot wrapper could open the files and pass the
> > "filemap=" config strings to your config parser. Something like this:
>
> What I do not quite get in this discussion is why one does not want to
> have the selected files available in the chroot in the first place?
>
> To chroot you need to be root. As root you are also allowed to map files
> around using mount --bind.
No, there is no need to be root inside a chrooted environment, or better
yet you should not be.

I've created a patch to su (from coreutils) to allow root to chroot into
a given directory, then su to a user, and execute a binary (attached).

My uml setup for a uml instance includes a /bin/ directory for each
user with one copy of the uml instance, the command line then looks like
this

    su -r /home/uml/utest utest -s /bin/utest umid=utest ...

where utest is a user on the host.
--
/"\ Goetz Bock at blacknet dot de -- secure mobile Linux everNETting
\ / (c) 2003 as GNU FDL 1.1
X [ 1. Use descriptive subjects - 2. Edit a reply for brevity - ]
/ \ [ 3. Reply to the list - 4. Read the archive *before* you post ]
[-- Attachment #2: coreutils-5.0-su-chroot.patch.gz --]
[-- Type: application/x-gzip, Size: 1297 bytes --]
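
The chroot-then-drop sequence described in the message above, as an added C example; it is not the attached coreutils patch and not code from this thread. The names request_ok and jail_and_drop and the JAIL USER PROGRAM argument order are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Refuse requests that defeat the purpose: the jail must be an absolute
 * path, and the target account must exist and must not be uid 0. */
int request_ok(const char *jail, const struct passwd *pw)
{
    return jail != NULL && jail[0] == '/' && pw != NULL && pw->pw_uid != 0;
}

/* Enter the jail, then give up root for good. Order matters: chroot needs
 * root, supplementary groups and gid must be dropped before uid, and
 * chdir("/") keeps the working directory from pointing outside the jail. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* usage: prog JAIL USER PROGRAM [ARGS...]  (PROGRAM is a path inside JAIL) */
int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s JAIL USER PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    /* Look the user up on the host, before chroot: the jail usually has
     * no /etc/passwd of its own. */
    struct passwd *pw = getpwnam(argv[2]);
    if (!request_ok(argv[1], pw) ||
        jail_and_drop(argv[1], pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "refused or failed to enter %s\n", argv[1]);
        return 1;
    }
    execv(argv[3], &argv[3]);
    perror("execv");            /* only reached if exec failed */
    return 1;
}
```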