This is a perfect example of administration ;)
You wouldn't certainly bind-mount your real / to the chroot's / , so doing something like `rm -rf /*' would definitely break the chroot. I _do_ suppose that with that same invocation, one can also cause any other bind-mounted dirs to be obliterated from existence; I encountered this quite recently, during one of my package builds :/.
bind-mounting is NOT a PRACTICAL and RECOMMENDED approach in chrooting a service. Ang bind-mounting naman diba kadalasan ginagamit yan sa ibang bagay, example : running 32 bit apps on a 64 bit platform sa debian (yan ha! debian pa yan) pero hindi for security purposes like JAILING a process. Since you mentioned bind-mounting via packaging (chroot/chroot/chroot haha) Hindi ko makita yung security essence ng ginagawa mo. Ang alam ko fake-root packaging kadalasan for SANITY purposes, and NOT for security purposes which is aligned to this topic (e.g. chrooting a machine with net service such as a webserver) *sneeze* remember grsec? (oo linux yun e!) ang alam ko isa sa mga SECURITY feature niya is to PREVENT RECURSIVE CHROOTING. *cough cough* dont worry, we will not ask you why you do it. as an example if you can give me a ROOT account in your impressively recursive chroot environment. I can love your linux long time. :)
-- Zak B. Elep || http://zakame.spunge.org [EMAIL PROTECTED] || [EMAIL PROTECTED] 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
Happy Kamote Foundation || http://www.kamote.com [EMAIL PROTECTED] || we love your linux long time. 14344 5254 31337 1337 H4X012 5K1LL$ H4H4H4 _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
