[arch-dev-public] Introducing capchroot

Thomas Bächler thomas at archlinux.org
Sat Jul 25 11:37:26 EDT 2009


I don't know if you use dchroot or schroot. They're both tools that let 
a user chroot to a different directory.

dchroot was easy to configure, but behaved weirdly: There was always some 
PAM message in the logs about 'su'. And it required root privileges 
through the setuid bit. dchroot is also discontinued.

Now there is schroot. It seems awfully bloated, has unnecessary features 
like mounting filesystems when chrooting, running linux32 and whatnot. 
Configuration is complex, and it also has some weird interaction with 
PAM. schroot, like dchroot, requires root privileges through the setuid bit.

I need a tool like this frequently, and was fed up with the above two. 
So I wrote my own. Features:

- Lets an unprivileged user chroot to directories defined in 
/etc/capchroot.allow
- Does nothing more than chroot, chdir and exec a program or shell, really!
- Does not require root privileges, but only a kernel >=2.6.24, a 
filesystem with xattr support and the cap_sys_chroot capability set on 
its executable. This way, the only possible security problem is that a 
programming error might allow a user to bypass the restrictions in 
capchroot.allow and chroot to an arbitrary directory.

I use it in a script like this:

#!/bin/sh
# enter the 32-bit chroot, keeping the current directory ($PWD quoted in case it contains spaces)
exec linux32 capchroot -d "$PWD" /mnt/arch32 -- "$@"

My /home is mounted in /mnt/arch32/home, so changing the directory to 
$PWD after the chroot will actually work.
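To show the design described above in working code, here is a minimal capchroot-style program (an added example, not the capchroot source): it canonicalizes the requested root, compares it against an allow file, and then does nothing but chroot, chdir and exec. Assumptions: /etc/capchroot.allow holds one absolute directory per line, the binary has been given cap_sys_chroot with setcap, and the DIR NEWROOT CMD... argument order is this example's own, not capchroot's.

```c
#define _DEFAULT_SOURCE   /* realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* 1 if `target` canonicalizes to the same directory as one of `entries`.  Both
   sides go through realpath(), so "/mnt/arch32/../x" or a symlink cannot widen the list. */
int path_in_allowlist(const char *target, const char *const *entries, size_t n) {
    char real_t[PATH_MAX], real_e[PATH_MAX];
    if (realpath(target, real_t) == NULL) return 0;
    for (size_t i = 0; i < n; i++)
        if (entries[i][0] == '/' && realpath(entries[i], real_e) != NULL &&
            strcmp(real_e, real_t) == 0)
            return 1;
    return 0;
}

/* Assumed allow-file format: one absolute directory per line; other lines are ignored. */
int chroot_allowed(const char *allow_path, const char *target) {
    FILE *f = fopen(allow_path, "r");
    if (f == NULL) return 0;
    char line[PATH_MAX]; const char *entry = line;
    int ok = 0;
    while (!ok && fgets(line, sizeof line, f) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        ok = path_in_allowlist(target, &entry, 1);
    }
    fclose(f);
    return ok;
}

/* The whole job: chroot, chdir, exec.  The cwd stays outside the new root until a
   chdir succeeds, so a failed chdir to DIR must land on "/" inside the chroot or abort. */
int enter_chroot(const char *newroot, const char *dir, char *const argv[]) {
    if (chroot(newroot) != 0) { perror("chroot"); return -1; }
    if (chdir(dir) != 0 && chdir("/") != 0) { perror("chdir"); return -1; }
    execvp(argv[0], argv);
    perror("execvp");                 /* only reached if the exec itself failed */
    return -1;
}

/* Needs: setcap cap_sys_chroot=ep ./capchroot_min  (no setuid bit).  Usage is this
   example's own: capchroot_min DIR NEWROOT CMD [ARGS...] */
int main(int argc, char **argv) {
    if (argc < 4 || !chroot_allowed("/etc/capchroot.allow", argv[2])) {
        fprintf(stderr, "usage: %s DIR NEWROOT CMD...  (NEWROOT must be in /etc/capchroot.allow)\n", argv[0]);
        return 1;
    }
    return enter_chroot(argv[2], argv[1], argv + 3) < 0 ? 1 : 0;
}
```

Without the file capability, chroot() fails with EPERM for an unprivileged user, which is exactly the failure mode to expect when the setcap step was skipped.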

Enough talk, if anyone finds it useful, here it is:
http://dev.archlinux.org/~thomas/capchroot/
http://projects.archlinux.org/?p=users/thomas/capchroot.git;a=summary
