[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Chrooted services

To: Suse-Security <suse-security@xxxxxxxx>
Subject: Re: [suse-security] Chrooted services
From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 13 Dec 2003 00:28:53 +0100
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Sat, 13 Dec 2003 00:34:21 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <001701c3c106$6d119820$52ef5b86@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mail-followup-to: Suse-Security <suse-security@xxxxxxxx>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <20031211193045.GF213@xxxxxxxxxxxx> <20031212022648.GC6659@xxxxxxxxxxxxxxx> <20031212141311.GM213@xxxxxxxxxxxx> <20031212225117.GC4315@xxxxxxxxxxxxxxx> <001701c3c106$6d119820$52ef5b86@xxxxxxxxxxxxxxxxxx>

* Philippe Vogel; <filiaap@xxxxxxxxxx> on 13 Dec, 2003 wrote:

This short description sounds nice, but I can't see how to do it.
Is there a longer version available?


Wish it were somehere that I knew; then all I would do was to follow the
steps.


For example it would be nice to chroot the flexlm licensserver.
Anybody done this before with compardment?

The steps are clear, but what's been to do step by step?


When I have a better picture I will put everything online and will
announce the link. However my first intention is to get things running.
So I raised the question earlier and accepted the fact that I was
getting lazier :-)


As from dhcpd I know you have to change something in Servicefile to activate
the chroot (with 8.1 it was the case until 8.2 supports it now).
With this option the /etc/init.d/<SERVICE-script> copies service xy into a
chroot jail (e.g. /var/chroot/SERVICE) and copies dummy devices into it so
service xy can access syslog, /etc/SERVICE, linked binaries and libs.

What are the options for compardment?


There are plenty and I have headache after reading them :-) I will

start asking the question about the capabilities later


The problem with this thread is, there isn't really much been said about it
in the man or howto (same was with samba-vscan, but I found some useful
links after investigating a littlebit).
I cannot find useful links to this thread.

Anybody got links or manuals for this?


Should have one manual up soon but I will protect it with .htaccess and allow
access to those helping me :-)

Mfg. von Stuttgart

--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer		Please reply to the list;
http://susefaq.sf.net			Please don't CC me.



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

References:
- [suse-security] Chrooted services
  - From: Togan Muftuoglu
- Re: [suse-security] Chrooted services
  - From: Volker Kuhlmann
- Re: [suse-security] Chrooted services
  - From: Togan Muftuoglu
- Re: [suse-security] Chrooted services
  - From: Volker Kuhlmann
- Re: [suse-security] Chrooted services
  - From: Philippe Vogel

Prev by Date: Re: [suse-security] Chrooted services
Next by Date: Re: [suse-security] Can't open any port
Previous by thread: Re: [suse-security] Chrooted services
Next by thread: Re: [suse-security] Chrooted services
Index(es):
- Date
- Thread