On Fri, 23 Mar 2007 19:35:50 +1200 Volker Kuhlmann <[EMAIL PROTECTED]> wrote:
> On Fri 23 Mar 2007 06:30:41 NZST +1200, Nick Rout wrote:
>
> > How about
> >
> > mount --bind /dev $MYCHROOT/dev/
>
> Will work, but one might have very good reason to limit the devices
> available in the chroot environment to for example not include any of
> your pluggable gimmicks. Same goes for the makefile approach.
>
> The best approach is to use mknod to only create what's actually needed.
> The idea of chroot is to move everything *out* that is not needed to
> limit the potential damage. No point in a straightjacket which is 3
> times too big.
>
> Volker

Yes, certainly, if your chroot is a jail for security purposes then the
idea is to limit damage that a runaway or compromised process can do.
Access to your device files will enable almost anything to be damaged,
and is therefore quite likely a bad thing. I can see the desirability of
being able to access /dev/null, which is where the thread started.

However, if your chroot is to, e.g., install a distro into a disk area,
then you probably want to reproduce most of /dev, as well as /proc (and
possibly /sys?).
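The mknod approach discussed above, as an added example that is not part of the original thread: it builds a jail's /dev from an allow-list and audits an existing jail for device nodes that are not on it. The function names, the choice of null, zero and urandom, and the /srv/jail path in the comments are assumptions; the major/minor numbers are the standard Linux ones.

```shell
#!/bin/sh
# Allow-list for the jail's /dev: name type major minor mode.
# These are the standard Linux numbers; which nodes the jailed
# program actually needs is an assumption made for this example.
ALLOWED_NODES='null c 1 3 666
zero c 1 5 666
urandom c 1 9 666'

# Create only the allow-listed nodes under ROOT/dev (needs root).
# Pass "echo" as the second argument for a dry run that prints the
# commands, e.g. build_minimal_dev /srv/jail echo
build_minimal_dev() {
    root=$1 run=${2:-}
    $run mkdir -p "$root/dev" || return 1
    while read -r name type major minor mode; do
        $run mknod -m "$mode" "$root/dev/$name" "$type" "$major" "$minor" || return 1
    done <<EOF
$ALLOWED_NODES
EOF
}

# Print every block/char device under ROOT/dev whose name, type and
# major/minor pair is not on the allow-list. Returns 1 if any is found.
# Uses GNU stat: %t and %T are the major and minor numbers in hex.
unexpected_nodes() {
    root=$1
    found=$(find "$root/dev" \( -type b -o -type c \) 2>/dev/null |
        while IFS= read -r path; do
            case $(stat -c '%F' "$path") in block*) type=b ;; *) type=c ;; esac
            major=$(( 0x$(stat -c '%t' "$path") ))
            minor=$(( 0x$(stat -c '%T' "$path") ))
            sig="${path#"$root/dev/"} $type $major $minor"
            printf '%s\n' "$ALLOWED_NODES" | cut -d' ' -f1-4 |
                grep -qxF -- "$sig" || printf '%s\n' "$path"
        done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Because the audit compares type and major/minor as well as the name, a disk node renamed to `null` is still reported.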
