On Wed, 28 Sep 2022, Branko wrote:

> OK. You have bound one path. Is the executable within it or is it
> irrelevant for the case (and the executable is in /tmp)?

No, the executable was in the chroot's root directory. That's why I referred to it with:

    ExecStart=/hello

You could put the executable in a subdirectory if you wanted. But if you were to place the binary at, say:

    ExecStart=/usr/bin/hello

-- again, relative to the chroot's root directory -- then using:

    BindReadOnlyPaths=/usr

would not work.

But... why would you do that? I can't think of any reason for bind mounting an ancestor of the chroot's root directory into the chroot itself.
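The layout described in the reply above, written out as a complete unit file. This is an added illustration, not a unit posted anywhere in this thread: the chroot path /srv/hello-root, the binary name hello and the bind-mounted host directories are assumptions chosen for the example.

```ini
# Added example (not from the thread): run a binary that lives inside a
# RootDirectory= chroot, and bind-mount a few host paths into that chroot.
#
# Assumed host layout:
#   /srv/hello-root/          the chroot root
#   /srv/hello-root/hello     a statically linked binary (or one whose
#                             shared libraries are also inside the chroot)
#   /var/lib/hello-data/      host data the service should read

[Unit]
Description=hello, confined with RootDirectory=

[Service]
# Host path of the chroot. Every path below is interpreted relative to it.
RootDirectory=/srv/hello-root

# Resolved inside the chroot: this is /srv/hello-root/hello on the host.
ExecStart=/hello

# Source is a host path; the destination after the colon is a path inside
# the chroot. With a single argument the same path is used on both sides,
# so the first line makes the host's /etc/ssl/certs visible read-only at
# /etc/ssl/certs inside the chroot.
BindReadOnlyPaths=/etc/ssl/certs
BindReadOnlyPaths=/var/lib/hello-data:/data

# Usual hardening that composes with RootDirectory=
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict

[Install]
WantedBy=multi-user.target
```

Two checks worth doing before enabling such a unit: confirm the binary runs from inside the chroot at all (ldd on a dynamically linked binary will list libraries that must also exist below /srv/hello-root), and keep bind-mount destinations away from the directory that holds the executable. A bind mount is placed over the destination directory and hides whatever the chroot already had there, which is why the reply's ExecStart=/usr/bin/hello plus BindReadOnlyPaths=/usr combination cannot work: the host's /usr would cover the chroot's own /usr, taking /usr/bin/hello with it.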