On Fri, Feb 04 at 09:28:19 (+0100), Wouter Verhelst wrote:
> Actually, that /is/ a needed file. Some programs look up the name of a
> user before doing stuff (or look up the UID of a username), and without
> that file they do very strange things

If you need /etc/passwd, for example, the better way is to

$ grep username /etc/passwd > /path/to/croot/etc/passwd

but not to copy the whole /etc/passwd.

If you need shared libraries for an elf32 binary file, you can use the
ldd_handle.pl script. For a shell script it's quite difficult to determine
which external (not shell builtin) commands are needed. Probably you have to
call ldd_handle.pl for each external binary file.

I think a single solution for such cases does not exist. But I think it's
better to chroot only the needed files from packages like fileutils, not
the whole package (why do you need commands like ls, dir? It's a potential
security hole, IMHO).

PS: I wrote an alternative, not a replacement, for makejail and debootstrap.

-- 
Sergei "df" Kononov
GnuPG ID: 0x7D992F45
Linux - because software problems should not cost money. (by Shlomi Fish)
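
The two steps from the reply above (one account's passwd line, and only the libraries a binary links against), as an added shell example that is not part of the original post and is not the ldd_handle.pl script it mentions. The function names and the sample passwd and ldd data are constructed for illustration; the login field is matched exactly because a plain grep for a username also returns every line that merely contains that string.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the passwd line whose login field is exactly $1 (file defaults to
# /etc/passwd). Plain `grep ftp` would also match "ftpadmin" and any line
# mentioning ftp in its GECOS or home field, leaking extra accounts.
passwd_entry() {
    awk -F: -v u="$1" '$1 == u { print; found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# Read `ldd` output on stdin and print the absolute paths to copy.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib/... (0x..)
        $2 == "=>" && $3 == "not" { print "missing: " $1 > "/dev/stderr"; next }
        $1 ~ /^\//                { print $1 }       # the dynamic loader itself
    '
}

# Copy one file into the jail under the same absolute path, following symlinks.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# Install a trusted binary plus the libraries it links against into jail $1.
# ldd can run code from the binary it inspects, so use it on trusted files only.
jail_install() {
    jail_copy "$1" "$2" || return 1
    ldd "$2" | ldd_paths | while read -r lib; do
        jail_copy "$1" "$lib" || exit 1
    done
}

# Constructed sample data for trying the parsers without touching the system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
ftp:x:101:101:ftp daemon:/srv/ftp:/bin/false
ftpadmin:x:1001:1001:manages ftp:/home/ftpadmin:/bin/sh'
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd1a5f2000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a000000)
	libmissing.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f3c2a400000)'
```

Typical use is `passwd_entry ftp > /path/to/jail/etc/passwd` followed by `jail_install /path/to/jail /usr/sbin/some-daemon`, where both paths are placeholders.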