[plug] "Chroot" a whole system - Printing to the host?
weirdit at gmail.com
Fri Jan 5 16:02:13 WST 2007
On 1/5/07, Adrian Chadd <adrian at creative.net.au> wrote:
> The idea behind a chroot is that you don't have (legitimate) access to the
> directories -above- the chroot point. There's a few exceptions:
> * You can hardlink files into the chroot - so you could, for example,
> hard-link the lpd UNIX socket into the chroot and configure lpd to
> use that
(Bind mounts as well for example)
I'm not really sure how to do the lpd socket thing, would that work for cups?
> * You can still talk to the local services over TCP/IP; which is the "clean"
> way of doing it.
To do this for cups though, how would I do it? Do I have to run cupsd
in the chroot, or is there an easier way?
> * Various illegitimate ways of breaking out of the chroot. I'm sure your
> family won't use them. :)
I'm sure they won't either, besides they can ssh directly into the main
system, it's more to keep dapper as the server, and edgy as the
> I'd suggest investigating VMWare, UML or Xen. What you can then do is run
> one VM with all the local services and then allow the other VM IPs to talk
> to them. Various limitations apply - direct hardware access, for example,
> is generally limited to the root domain in Xen but you can grant access to
> some device types to the user domains. UML is a bit more flexible IIRC.
I wanted to avoid UML, as it makes things like efax harder, and having
a virtual system which I then have to treat like a machine.
Linux Counter user #273956
Don't email joeblogs at scouts.org.au
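
As an added example (not part of the original post, and not code from the CUPS project): the TCP/IP route mentioned above can be used for CUPS by pointing the chroot's clients at the host's cupsd on loopback, because a chroot does not isolate the network stack. The script first audits the host's cupsd.conf for listeners that are reachable beyond loopback; the function names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: let CUPS clients inside a chroot print via the host's cupsd.
# The host's UNIX socket is not visible inside the chroot, but loopback TCP is,
# so the chroot gets a client.conf that names the host daemon on 127.0.0.1.

# Print every Listen/Port directive in a cupsd.conf that exposes cupsd beyond
# loopback. Returns 0 if all listeners are loopback or UNIX sockets, 1 otherwise.
audit_cupsd_listen() {
    conf=$1
    awk '
        # "Port N" listens on all interfaces.
        tolower($1) == "port" { print "non-loopback: " $0; bad = 1; next }
        tolower($1) == "listen" {
            addr = $2
            if (addr ~ /^\//) next          # UNIX domain socket path
            if (addr ~ /^(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$/) next
            print "non-loopback: " $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Write etc/cups/client.conf under the chroot root so that lp, lpr and other
# libcups clients run inside the chroot contact the host daemon over TCP.
write_client_conf() {
    chroot_dir=$1
    server=${2:-127.0.0.1}              # port defaults to 631
    mkdir -p "$chroot_dir/etc/cups" || return 1
    printf 'ServerName %s\n' "$server" > "$chroot_dir/etc/cups/client.conf"
}

# Usage (both paths are assumptions):
#   sh cups-chroot.sh /etc/cups/cupsd.conf /srv/chroot/edgy
if [ "$#" -eq 2 ]; then
    audit_cupsd_listen "$1" && write_client_conf "$2"
fi
```

With this in place cupsd does not need to run inside the chroot; only the client libraries and the one-line client.conf do.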