Subject: Re: chroot & null mount?
To: None <netbsd-users@netbsd.org>
From: James Hartley <jjhartley@gmail.com>
List: netbsd-users
Date: 08/22/2007 09:15:15

Thank you for your reply.

On 8/22/07, Peter Bex <Peter.Bex@xs4all.nl> wrote:
> The idea of a sandbox is that anything inside the sandbox can't mess up the
> rest of the system as it exists outside the sandbox.
> null mounts are mounts of the nullfs filesystem. Have a look at the
> mount_nullfs manpage for more info.
>
> Basically the nullfs 'mounts' a directory under another directory. This
> allows you to share, say, /usr/bin between the sandbox and the real system:
>
> mount_nullfs -o ro /usr/bin /var/chroot/chrootA/usr/bin

NetBSD's Wiki describes either hard linking or simply copying all
necessary support libraries into the chrooted directory:
http://wiki.netbsd.se/chroot

Three questions:
0. Is null mounting preferable to these two methods?
1. Are there any tricks/guidelines/admonitions to figuring out how to
move an application into a chrooted environment?
2. What user should own a chrooted directory?
Thanks for any candor which can be shared.