chroot-jail ?? whats this

Ralf Hildebrandt R.Hildebrandt at tu-bs.de
Tue Feb 29 07:59:48 UTC 2000


On Mon, Feb 28, 2000 at 10:20:57PM +0000, Lars Hecking wrote:

>  named is run in an environment where /jail becomes the root directory.

/jail -> /
/jail/etc/named.conf -> /etc/named.conf

and so on...

BTW -- chrooting is pointless when the program that's chrooted runs as user
root. 

>  A chroot jail needs only provide a minimum subset of files necessary
>  to run a certain daemon: shared libs, resolver config files, timezone
>  config, a few devices (/dev), daemon config and runtime files. It's a
>  good way to keep sensitive files (e.g. /etc/passwd and siblings) out
>  of sight.

Intriguingly I didn't need to copy any of those (shared libs, resolver
config files, timezone). I just needed to create dev/null.

-- 
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
The ashtray in my office proudly displays "Designed for Windows98/NT"
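
The point above about running as root, as an added example that is not part of the original message or of BIND: a daemon that confines itself to the jail and then gives up root permanently, refusing to continue if any step fails. The function name `enter_jail` and the uid/gid 65534 are assumptions for illustration; `/jail` is the directory used in the thread.

```c
/* Added example: enter a chroot jail, then drop root for good (Linux/glibc). */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 once the process is confined to `dir` and runs as uid/gid.
 * Returns -1 on any failure; the caller must exit rather than carry on. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0)
        return -1;                 /* staying root would defeat the jail */
    if (chdir(dir) != 0)           /* move inside before changing the root */
        return -1;
    if (chroot(".") != 0)          /* requires root (CAP_SYS_CHROOT on Linux) */
        return -1;
    if (chdir("/") != 0)           /* cwd must not refer to the old tree */
        return -1;
    /* Order matters: supplementary groups and gid first, uid last, because
     * after setuid() the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* 65534 is an assumed unprivileged uid/gid ("nobody" on many systems). */
    const char *dir = argc > 1 ? argv[1] : "/jail";
    if (enter_jail(dir, 65534, 65534) != 0) {
        fprintf(stderr, "could not enter jail %s, refusing to run\n", dir);
        return EXIT_FAILURE;
    }
    /* Anything needed from outside the jail must be opened before this. */
    puts("confined and unprivileged");
    return EXIT_SUCCESS;
}
```

Privileged setup such as binding a low port has to happen before the call, since neither root nor the outside file system is available afterwards.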

