SELinux a replacement for chroot jails?

Christian Seberino seberino at spawar.navy.mil
Mon Jul 25 12:24:43 PDT 2005


Thanks.  I was trying to get stunnel to be in a chroot jail.
I thought you had to just guess what /usr and /lib files
you needed.  I didn't know there were automated ways to do it.
Very nice.  So does everyone run ALL servers on chroot jails
if they setting them up has been automated?

Chris


On Mon, 2005-07-25 at 10:36, Michael O'Keefe wrote:
> Christian Seberino wrote:
> > I've had trouble implementing chroot jails and
> > remembered SELinux is about access control too.
> 
> What's your problem with chroot jails ? Maybe we can help !
> I have a script that installs all the necessary RPM's in a chroot 
> location just so RPM can work in a chroot jail. After that, I run 
> everything in the chroot jail to verify I have a list of all 
> dependencies, for building software, testing it, and running it.
> 
> -- 
> Michael O'Keefe                      |          mokeefe at qualcomm.com_
> Live on and Ride a 03 BMW F650GSDakar|          roxus at cox.net      / |
> I like less more or less less than   |Work:+1 858 845 3514        /  |
> more. UNIX-live it,love it,fork() it |Fax :+1 858 845 2652       /_p_|
> My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296       \`O'|
> blah, yackety yack - don't come back |Fax :+1 858                _/_\|_,
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://www.kernel-panic.org/pipermail/kplug-list/attachments/20050725/5dbc7c68/attachment.pgp


More information about the KPLUG-List mailing list