Re: chroot sockets

2011-06-26 Thread olafBuddenhagen
Hi, On Sun, Jun 19, 2011 at 03:46:00AM +0200, Samuel Thibault wrote: > olafbuddenha...@gmx.net, on Fri 17 Jun 2011 23:19:15 +0200, wrote: > > On Fri, Jun 03, 2011 at 10:40:03AM +0200, Samuel Thibault wrote: > > > olafbuddenha...@gmx.net, on Thu 02 Jun 2011 04:13:34 +0200, wrote: > > > > Err

Re: chroot sockets

2011-06-18 Thread Samuel Thibault
olafbuddenha...@gmx.net, on Fri 17 Jun 2011 23:19:15 +0200, wrote: > On Fri, Jun 03, 2011 at 10:40:03AM +0200, Samuel Thibault wrote: > > olafbuddenha...@gmx.net, on Thu 02 Jun 2011 04:13:34 +0200, wrote: > > > > Err... What's the use of sharing the pipe server between chroot and > > > main

Re: chroot sockets

2011-06-18 Thread olafBuddenhagen
Hi, On Fri, Jun 03, 2011 at 10:40:03AM +0200, Samuel Thibault wrote: > olafbuddenha...@gmx.net, on Thu 02 Jun 2011 04:13:34 +0200, wrote: > > Err... What's the use of sharing the pipe server between chroot and > > main system? > > So that named pipes can actually work. Why wouldn't they work

Re: chroot sockets

2011-06-18 Thread olafBuddenhagen
Hi, On Thu, Jun 02, 2011 at 08:49:02PM -0700, Thomas Bushnell, BSG wrote: > Chroot isn't supposed to change the namespace of Unix domain sockets > in the case where the chroot shares a file with the main system. OK, that makes sense... I wonder though whether that's relevant in the use case at

Re: chroot sockets (was: Introducing the hardening-wrapper package)

2011-06-03 Thread Samuel Thibault
olafbuddenha...@gmx.net, on Thu 02 Jun 2011 04:13:34 +0200, wrote: > On Tue, May 31, 2011 at 09:35:32AM +0200, Samuel Thibault wrote: > > You just need another partition, run debootstrap in it, and chroot > > into it. You'll need to firmlink servers/socket/{1,2} from the root to > > get named pi

Re: chroot sockets (was: Introducing the hardening-wrapper package)

2011-06-02 Thread Thomas Bushnell, BSG
Chroot isn't supposed to change the namespace of Unix domain sockets in the case where the chroot shares a file with the main system. On Jun 2, 2011 6:56 PM, wrote: > Hi, > > On Tue, May 31, 2011 at 09:35:32AM +0200, Samuel Thibault wrote: > >> You just need another partition, run debootstrap in

chroot sockets (was: Introducing the hardening-wrapper package)

2011-06-02 Thread olafBuddenhagen
Hi, On Tue, May 31, 2011 at 09:35:32AM +0200, Samuel Thibault wrote: > You just need another partition, run debootstrap in it, and chroot > into it. You'll need to firmlink servers/socket/{1,2} from the root to > get named pipes and network sockets working. Err... What's the use of sharing the p