Re: [suse-security] Chrooted services

From: Volker Kuhlmann (hiddenparadise.net.nz)
Date: Fri Dec 12 2003 - 16:51:17 CST


> 1) Create /etc/sysconfig/chroot.d directory and store configuration
> files for services to be chrooted.

Please no, only one config file in /etc, copy that if needed. On SuSE
8.2 several services run chrooted already on demand, e.g. postfix and
named, and SuSEconfig/rcservice maintain the chroot env automatically.
Have a look at their mechanisms first, they seem pretty good.

> 2) Create chroot-maker file which will basically read the
> /etc/sysconfig/chroot.d/FILENAME and create the chrooted environment

If chroot.d/FILENAME contains a list of files needed in the chroot env
for each service, that would be a good general approach.

The tricky bit is to work out which files are needed. I tried with jail
and sshd once but couldn't get it working.

> 3) Modify the /etc/init.d/SERVICE file to include the chroot setup
> so I do not have to worry about if I need to prepare the chroot
> environment or not

Yes.

> I think this is better than the unsubscribe thread :-)

No doubt!

Volker

--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
