On Sat, 16 Feb 2008, Stef Bon wrote: > Chris Stromsoe wrote: > >> My eventual solution was to use multi-mount to bind mount a shared >> directory with libraries and other common data to a "simple" generated >> path as a container, and then bind mount the hashed directory inside of >> that volume. I'm using the container volume as a chroot environment to >> run untrusted code (php) on a web server, and wanted to minimize >> exposure to the rest of the machine as much as possible. > > Ok, it's more clear to me now. I'm wondering, isn't it possible to > create a custom "chroot" command, which will of course do the chroot, > but also do the necessary binds.
Probably. But I have over 35k virtual hosts. I need to have the mounts expire after some period of non-use. Having the chroot process handle the binds means that I would need to have some other process sitting around to unmount everything after a period of inactivity. Which might as well be autofs at that point. > I've been working on a login shell (chroot_union) which is the standard > shell of a user. When this user logs in (starts a session) a copy of the > system is created with unionfs. Then a chroot is done, and a perfect > environment where the user can do anything is there. Isn't that > possible? The server is only accessible via ftp and http. I'm trying to limit the environment only to what is necessary to run and nothing more. If I were trying to provide a more complete environment with shell access it might make sense to use unionfs, but I'm not doing anything that complex. Autofs managing the bind mounts (together with a chroot cgi wrapper to limit access) covers everything I need. -Chris _______________________________________________ autofs mailing list [email protected] http://linux.kernel.org/mailman/listinfo/autofs
