On 22/08/2015 15:01, Brandon Allbery wrote:
On Sat, Aug 22, 2015 at 10:54 AM, Rainer Duffner <[email protected]>
wrote:
I found it’s much easier to have actual chroot’ed ssh users once the users
themselves are in an LDAP-directory.
Also, for doing anything useful on that shell, it turned out you need a
some more devices in /dev than the usual chroot (like a chroot’ed PHP-FPM,
that just needs the dev-set of jail(4)).
And a couple of symlinks.
Yep; chroots are always a pain to deal with. I have seen utilities to
manage them, but only for Linux.
For your information, I'm in the process of porting my schroot chroot
management tool to FreeBSD.
https://github.com/codelibre-net/schroot
This was traditionally a Linux (Debian) chroot tool for building source
packages, but it's worked on Debian GNU/kFreeBSD for a good while so it
already supported nullfs filesystem mounts e.g. of home directories and
devices, and now the work to build it on FreeBSD proper is done--I was
blocked on toolchain/linker bugs for the last 18 months until 10.2 came
out (C++11 nullptr_t was broken)
The master branch is current development work, and I got it all building
on FreeBSD 10.2-RELEASE just yesterday. It's not yet actually *tested*
on FreeBSD other than the unit tests pass. So it might not be
production-ready right now, but it should be fairly soon. Now it's
building, I'll also look at adding some FreeBSD-specific features to it
as well, like ZFS snapshots, jail support, etc.
While the compiled binaries should be fine, there may be residual
Debianisms/GNU libc-isms in the setup scripts. They are likely trivial
to fix though.
If anyone wants to give it a try and provide some feedback, or if you
have any suggestions or feature requests, please just let me know either
by mail or at https://github.com/codelibre-net/schroot/issues
Instructions for building on FreeBSD are in the README
https://github.com/codelibre-net/schroot/blob/master/README.md
Kind regards,
Roger
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
