On Wed, 28 Sep 2022 19:07:14 +1000 (AEST) Michael Chapman <mike@xxxxxxxxxxxxxxxxx> wrote:

ExecStart works relative to RootDirectory. At least for me.

> On Wed, 28 Sep 2022, Branko wrote:
> > OK. You have bound one path. Is the executable within it or is it
> > irrelevant for the case (and the executable is in /tmp)?
>
> No, the executable was in the chroot's root directory. That's why I
> referred to it with:
>
>   ExecStart=/hello
>
> You could put the executable in a subdirectory if you wanted. But if
> you were to place the binary at, say:
>
>   ExecStart=/usr/bin/hello
>
> -- again, relative to the chroot's root directory -- then using:
>
>   BindReadOnlyPaths=/usr
>
> would not work.
>
> But... why would you do that? I can't think of any reason for bind
> mounting an ancestor of the chroot's root directory into the chroot
> itself.