On Tuesday 04 March 2008 05:22:12 you wrote: > On Mon, Mar 03, 2008 at 06:28:22PM -0600, Rob Landley wrote: > > Quick and dirty patch to teach qemu application emulation how to chroot > > (and drop privs), so you don't have to pollute a target filesystem with > > host code, and/or figure out how to build qemu static in order to run a > > dynamic binary. > > Hi Rob, > > Right, doing the chroot from within qemu avoids the issue with polluting > the target/. Thanks for the example. > > The chroot approach still suffers from the need of initially having higher > privileges. Personally, I still prefer the sysroot option and avoid that > need but either way helps me. > > Best regards
Which sysroot option? (I may have missed a patch, I'm a month behind on the list. This is just something I've meant to submit for... about a year, I think.) You can also teach a bunch of different qemu syscalls (open, unlink, mmap, exec, fcntl, and 3 dozen others...) to append a prefix to its path, and perhaps try to prevent them from playing games with symlinks or ".." to break out of that subdir. But that's a much, much, much more extensive/intrusive patch. Rob -- "One of my most productive days was throwing away 1000 lines of code." - Ken Thompson.
