[plug] "Chroot" a whole system - Printing to the host?

Timothy White weirdit at gmail.com
Fri Jan 5 16:02:13 WST 2007

On 1/5/07, Adrian Chadd <adrian at creative.net.au> wrote:
> The idea behind a chroot is that you don't have (legitimate) access to the
> directories -above- the chroot point. there's a few exceptions:
> * You can hardlink files into the chroot - so you could, for example,
>   hard-link the lpd UNIX socket into the chroot and configure lpd to
>   use that

(Bind mounts as well for example)
I'm not really sure how to do the lpd socket thing, would that work for cups?

> * You can still talk to the local services over TCP/IP; which is the "clean"
>   way of doing it.

To do this for cups though, how would I do it? Do I have to runs cupsd
in the chroot, or is there an easier way?

> * Various illegitimate ways of breaking out of the chroot. I'm sure your
>   family won't use them. :)

I'm sure they wont' ether, besides they can ssh directly into the main
system, it's more to keep dapper as the server, and edgy as the

> I'd suggest investigating VMWare, UML or Xen. What you can then do is run
> one VM with all the local services and then allow the other VM IPs to talk
> to them. Various limitations apply - direct hardware access, for example,
> is generally limited to the root domain in Xen but you can grant access to
> some device types to the user domains. UML is a bit more flexible IIRC.

I wanted to avoid UML, as it makes things like efax harder, and having
a virtual system which I then have to treat like a machine.


Linux Counter user #273956
Don't email joeblogs at scouts.org.au

More information about the plug mailing list