Ethan Benson <[EMAIL PROTECTED]> writes:

[snip]
> > What would be nice would be a union-mount, so you could graft a "real"
> > /bin on top of /home/foo/bin, and so on. I'm not sure that `mount
> > --bind' is the same thing?
>
> mount --bind would work, but you must ask yourself why you bother with
> chroot if you're just going to bind mount the entire filesystem into the
> chroot jail anyway (which is just about what you must do for things to
> work properly) when you bind mount /bin and /usr/bin you get all the
> suids in those directories in the chroot, you also need /etc for the
> global config files many programs use.

It *could* be used to save on disk-space; have one real-system running,
copy that into a /mnt/chroot/ or somesuch, remove all the setuid binaries
and generally secure it as much as poss, then have a set of chroot-ed
users running with directories bind-mounted out of the same /mnt/chroot/.
It's the several users per copy-of-system that would be the win, that way.

~Tim
-- 
Another day,                 |[EMAIL PROTECTED]
Another apt-get dist-upgrade |http://spodzone.org.uk/
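
An added sketch of the setup described in the message above (not code from the thread): audit a template tree such as /mnt/chroot/ for setuid/setgid files, strip those bits, and print the bind-mount commands for one jail. The function names, the directory list (bin, lib, usr, etc) and the ro,nosuid,nodev options are assumptions of this example.

```shell
#!/bin/sh
# Added example; the directory list and the mount options are assumptions.

# Print every regular file under template $1 that is setuid or setgid.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Clear both bits on those files, printing each path that was changed.
strip_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} \; -print
}

# Print (do not run) the mount commands that graft template $1 into jail $2.
# The bind is followed by a remount because older kernels ignore ro/nosuid
# given on the initial bind; nosuid keeps any missed setuid file inert.
jail_mounts() {
    for d in bin lib usr etc; do
        printf 'mount --bind %s/%s %s/%s\n' "$1" "$d" "$2" "$d"
        printf 'mount -o remount,bind,ro,nosuid,nodev %s/%s\n' "$2" "$d"
    done
}
```

Running `list_suid /mnt/chroot` again after `strip_suid /mnt/chroot` should print nothing; the output of `jail_mounts /mnt/chroot /home/foo` can be reviewed before being run as root.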