On Thu, 2007-12-27 at 21:43 +0900, John Summerfield wrote:
> Tom Horsley wrote:
> > I've been experimenting with chroot to switch to an
> > alternate root partition and "do stuff" without
> > actually having to reboot to that alternate OS.
> >
> > I see that none of the special filesystems seem to
> > be created as part of the ordinary chroot command, yet
> > things like the bind-chroot rpm does manage to create
> > a more complete environment for named to run in
> > (with populated /dev and /proc and wot-not).
> >
> > Is there a handy tool somewhere to duplicate all the
> > special filesystems in a chroot environment?
> >
> > Or should I just look at bind-chroot in more detail
> > and steal what it does?
> >
> The general idea of chroot is to provide a slightly more secure
> environment than the base system.
>

Actually the general idea of chroot is to provide the base system with an
extra layer of security. E.g. chrooted bind: if one succeeds in compromising
bind, he cannot compromise the base system once he is isolated in the
chrooted environment. Of course, there are ways to surpass chroot as well,
but this is an entirely different story.

> bind-chroot has what it needs; ordinarily one doesn't want devices in
> the chroot environment (a few exceptions such as /dev/{null,zero} are
> needed, but certainly not /dev/sda).
>
> I would contemplate an alternative approach such as using xen or, if h/w
> virtualisation is available, kvm.
>
> --
>
> Cheers
> John
>
> -- spambait
> 1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
> -- Advice
> http://webfoot.com/advice/email.top.php
> http://www.catb.org/~esr/faqs/smart-questions.html
> http://support.microsoft.com/kb/555375
>
> You cannot reply off-list:-)
>

OTOH, you may want to look at jailkit (http://olivier.sessink.nl/jailkit/)
or even LFS (http://www.linuxfromscratch.org/) if you want to play around
with chroot.

HTH,
Calin

=================================================
Men take only their needs into consideration -- never their abilities.
        -- Napoleon Bonaparte
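
Added example, not part of the original messages and not taken from bind-chroot or jailkit: a shell sketch of the minimal /dev described in the thread (only null and zero, plus a /proc mount) and an audit that flags any other device node in a chroot tree. The function names, the `CHROOT_RUN` switch and the `/srv/jail` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: minimal special files for a chroot, plus an audit.
# CHROOT_RUN is a hypothetical switch: "echo" (the default) only prints the
# commands; set it to the empty string to execute them (requires root).
: "${CHROOT_RUN=echo}"

# populate_min_dev ROOT
# Create only /dev/null and /dev/zero inside ROOT and mount a proc instance.
# No block devices (e.g. /dev/sda) are ever created.
populate_min_dev() {
    root=$1
    $CHROOT_RUN mkdir -p "$root/dev" "$root/proc"
    # Linux character device numbers: null is 1,3 and zero is 1,5.
    $CHROOT_RUN mknod -m 666 "$root/dev/null" c 1 3
    $CHROOT_RUN mknod -m 666 "$root/dev/zero" c 1 5
    $CHROOT_RUN mount -t proc proc "$root/proc"
}

# audit_dev ROOT
# Print every block or character device node under ROOT/dev that is not on
# the allowlist (null, zero). Prints nothing for a clean tree.
audit_dev() {
    root=$1
    [ -d "$root/dev" ] || return 0
    find "$root/dev" \( -type b -o -type c \) | while IFS= read -r node; do
        case "${node#"$root"/dev/}" in
            null|zero) ;;                               # expected nodes
            *) echo "unexpected device node: $node" ;;  # e.g. dev/sda
        esac
    done
}

# Typical use (hypothetical path):
#   populate_min_dev /srv/jail     # review the printed commands
#   audit_dev /srv/jail            # list nodes that should not be there
```
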