Quoting "Robert Connolly" <[EMAIL PROTECTED]>: > On Monday September 15 2008 12:21:16 pm Chris Buxton wrote: >> I have some experience with chroot jails, including setting them up >> from scratch and debugging them. > > Do you use the 'runas' program? Are there reasons not to use it?
We use "compartment" in Devil-Linux. I think the guys at SuSE wrote it. It helps you if the maintainer of a program didn't add any code to run it as non-root. It also allows you to use assign only certain privileges to the program. Take a look at the JAILKIT, it provides a handy tool jsocketd. This spares you all the trouble with having syslog(-ng) listen in additional chroot folder structures. You simply add the creation of the forwarding socket to the jail initialization script. Unfortunately chroot jails are like a step child, nobody really wants to maintain them. There's a lot we could do, but you need the time to pull it off... -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
