The runas program, I think Debain wrote it, is a leaner alternative maybe. From what I understand from the manual page, an suid user 'lynx' script could run runas, where runas is suid root but only executable by the runas group, which lynx is a member of... and the runas program will start lynx, chroot to an empty directory, and change uid to the lynx user.
It's dangerous to have runas suid root, but maybe libcap could reduce it to only having chroot capabilities. robert On Tuesday September 30 2008 09:48:07 pm Robert Connolly wrote: > On Tuesday September 30 2008 09:12:00 pm Kevin Day wrote: > > There is the possibility of read-only bind mounts to avoid the copying > > and prevent apps inside the chroot from writing to whatever may be > > bind mounted. > > > > http://kernelnewbies.org/LinuxChanges#head-3c3e558edfbf5fa26433410b9cb3b9 > >32 8dc542a5 http://lwn.net/Articles/281157/ > > I just tried to bind mount /lib and /usr/lib to /tmp/bind-test, and > /usr/lib replaces the /lib mount, instead of adding to it. > > It may work with something like mounting /opt/lynx2.8.6rel.5 > to /var/chroot/lynx, where Lynx was installed with > DESTDIR=/opt/lynx2.8.6rel.5, so that /opt/lynx2.8.6rel.5/usr/bin/lynx > exists, and then /lib can be mounted to /var/chroot/lynx/lib. > > This gets around the problem when upgrading dependency libraries, but it > adds more files to the chroot than we need. It's not that bad though. It's > not flexable enough to work with any package, but I can't think of any > package that can use a chroot like this that it wouldn't work with. > > Bind mounting single files would be nice (a hard link across mount points), > but it would make a serious mess out of /proc/mounts. > > robert
pgpgQLfAAJoFZ.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
