Hi, I think you won't have to make a unique jail for ssh, you can use the pam module which is designed especially for this. Unfortunately AFAIK debian does not support that module, so you will have to compile your own packages. Btw you can switch off the double chroot restrictions under Grsec Customize > Filesystem Protections > Chroot jail restrictions (NEW) > [ ] Deny double-chroots
Domonkos Czinke -----Original Message----- From: Arnaud Fontaine [mailto:[EMAIL PROTECTED] Sent: Saturday, December 06, 2003 3:37 PM To: [email protected] Subject: Re: Grsecurity, ssh and postfix On Fri, 5 Dec 2003 21:45:01 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote: > The privilege separation code invokes chroot(), too. > > Is there a "do not create any new file descriptors" process attribute > in grsecurity? If there is, OpenSSH should toggle instead of calling > chroot() to an empty directory, which is a poor replacement. Hello, Thanks for your explanation but i don't know how to do that with grsecurity. I am looking after this. I have done a chroot environment for ssh to log in for fetch, read and send mails with mutt, procmail, fetchmail and postfix. But i would like to know how i can integrate postfix to this chroot environment. Could you give me some advices about this ? Thanks for your help... Arnaud Fontaine ----- signature Arnaud Fontaine <[EMAIL PROTECTED]> - http://www.andesi.org/ GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A ------ fortune "There are a billion people in China. And I want them to be able to pass notes to each other written in Perl. I want them to be able to write poetry in Perl. That is my vision of the Future. My chosen perspective." -- Larry Wall (Open Sources, 1999 O'Reilly and Associates)
