Chris Stromsoe wrote:
> My eventual solution was to use multi-mount to bind mount a shared
> directory with libraries and other common data to a "simple" generated
> path as a container, and then bind mount the hashed directory inside
> of that volume. I'm using the container volume as a chroot
> environment to run untrusted code (php) on a web server, and wanted to
> minimize exposure to the rest of the machine as much as possible.

Ok, it's more clear to me now. I'm wondering, isn't it possible to create a custom "chroot" command, which will of course do the chroot, but also do the necessary binds?

I've been working on a login shell (chroot_union) which is the standard shell of a user. When this user logs in (starts a session) a copy of the system is created with unionfs. Then a chroot is done, and a perfect environment where the user can do anything is there.

Isn't that possible?

Stef Bon

_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
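
The "chroot command that also does the binds" idea from the message above, sketched as an added example that is not part of the original thread or of autofs. The function names, the sample paths and the `site` mount point are assumptions; `DRY_RUN=1` prints the commands instead of running them, since the real run needs root.

```shell
#!/bin/sh
# Added example: "chroot plus binds" wrapper. Paths, the "site" mount point
# and the function names are assumptions, not taken from the thread.
# DRY_RUN=1 prints each command instead of running it (running needs root).

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# chroot_with_binds SHARED DATA JAIL USER:GROUP CMD [ARGS...]
#   SHARED  directory with libraries and common data (becomes the jail root)
#   DATA    the per-site (hashed) directory
#   JAIL    the simple generated path used as the container
chroot_with_binds() {
    if [ "$#" -lt 5 ]; then
        echo "usage: chroot_with_binds SHARED DATA JAIL USER:GROUP CMD..." >&2
        return 2
    fi
    shared=$1 data=$2 jail=$3 userspec=$4
    shift 4
    for p in "$shared" "$data" "$jail"; do
        case $p in
            /*) ;;
            *) echo "chroot_with_binds: not an absolute path: $p" >&2
               return 2 ;;
        esac
    done

    # Shared tree first. ro is applied with an explicit remount, because
    # options given on the initial --bind may not take effect.
    run mount --bind "$shared" "$jail" || return
    run mount -o remount,bind,ro,nosuid,nodev "$jail" || return

    # Per-site data inside the container: writable, but no setuid or devices.
    # The mount point "$jail/site" must already exist in SHARED.
    run mount --bind "$data" "$jail/site" || return
    run mount -o remount,bind,nosuid,nodev "$jail/site" || return

    # Drop root on entry: a root process can break out of a chroot.
    run chroot --userspec="$userspec" "$jail" "$@"
}
```

Running the wrapper under `unshare -m` keeps the binds in a private mount namespace, so they disappear when the command exits and never show up in the host's mount table.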
