11. FTP
[Diagram: the FTP daemon runs privileged and forks a child; the child calls chroot to restrict filesystem access. The alternative shown is a chroot done within the application itself.]
/
|-bin/
|  |-bash
|-home/
   |-niki/
   |-pesho/
   |-ani/
- start a new child
- change the root to ~/ani (/home/ani)
- change dir to /
- listing files in / will result in listing the files within /home/ani
Note: does not require any libraries or special setup
14. How to use the Linux linker
$ /lib/ld-linux.so.2 --list /bin/bash
linux-gate.so.1 (0xb775c000)
libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7726000)
libdl.so.2 => /lib/libdl.so.2 (0xb7721000)
libc.so.6 => /lib/libc.so.6 (0xb7596000)
/lib/ld-linux.so.2 (0xb775d000)
15. How to use the Linux linker
Verify that all shared libraries are present in the chrooted environment:
$ /lib/ld-linux.so.2 --list --library-path /storage/chroot/lib /storage/chroot/bin/bash
Warning: Do not forget that shared libraries can also be using other shared libraries.
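The two linker slides and the chroot example above describe a procedure: copy a binary into the chroot, find the shared libraries it needs (including the libraries those libraries need), copy them too, and then verify that the loader can resolve everything from inside the chroot. The script below is an added example, not code from the slides; it uses ldd, which prints the same "name => /path (0xaddr)" lines as "/lib/ld-linux.so.2 --list", and assumes ldd, mktemp and the ld.so --list/--library-path options shown on the slide are available. Paths, functions and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): populate a chroot with one binary and
# every shared library it needs, then verify nothing resolves outside it.

# Read dynamic-linker "--list"/ldd output on stdin and print one absolute
# library path per line. Exit status is 1 if any library is "not found",
# which is the check the slide asks for. The vDSO line (linux-gate.so.1,
# linux-vdso.so.1) has no file behind it and is skipped.
parse_list_output() {
    awk '
        $2 == "=>" && $3 == "not" { printf "missing: %s\n", $1 > "/dev/stderr"; missing = 1; next }
        $2 == "=>"                { print $3; next }
        $1 ~ /^\//                { print $1; next }   # the program interpreter itself
        END { exit missing }
    '
}

# Constructed sample: the "--list /bin/bash" output from the slide.
sample_list_output() {
    cat <<'EOF'
    linux-gate.so.1 (0xb775c000)
    libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7726000)
    libdl.so.2 => /lib/libdl.so.2 (0xb7721000)
    libc.so.6 => /lib/libc.so.6 (0xb7596000)
    /lib/ld-linux.so.2 (0xb775d000)
EOF
}

# Copy host file $2 (absolute path) to the same path under chroot $1.
# -L dereferences symlinks so the chroot holds real files, not links that
# point back outside it.
copy_into_root() {
    root=$1; src=$2
    mkdir -p "$root$(dirname "$src")"
    cp -L "$src" "$root$src"
}

# Install a binary plus its transitive shared-library closure into $1.
# Every copied library is itself fed through ldd, so a library that pulls in
# further libraries (the slide's warning) is covered as well.
populate_chroot() {
    root=$1; bin=$2
    seen=$(mktemp)
    copy_into_root "$root" "$bin"
    echo "$bin" > "$seen"
    queue=$bin
    while [ -n "$queue" ]; do
        next=""
        for f in $queue; do
            for lib in $(ldd "$f" | parse_list_output); do
                if ! grep -qxF "$lib" "$seen"; then
                    echo "$lib" >> "$seen"
                    copy_into_root "$root" "$lib"
                    next="$next $lib"
                fi
            done
        done
        queue=$next
    done
    rm -f "$seen"
}

# Verify the way the slide does: run the loader that was copied into the
# chroot with --library-path pointing at the chroot's own directories. The
# loader still falls back to the host's /lib and /usr/lib, so a library that
# is missing from the chroot shows up as a path outside $root, not as
# "not found"; that is what the awk filter flags. Exit status 1 on any miss.
verify_chroot() {
    root=$1; bin=$2
    interp=$(ldd "$bin" | parse_list_output | grep '/ld-' | head -n 1)
    "$root$interp" --list \
        --library-path "$root/lib:$root/lib64:$root/usr/lib:$root/usr/lib64" "$root$bin" |
    awk -v root="$root" '
        $2 == "=>" && index($3, root) != 1 { printf "not resolved inside chroot: %s -> %s\n", $1, $3 > "/dev/stderr"; bad = 1 }
        $2 == "=>" { print $3 }
        END { exit bad }'
}

# Usage (needs write access to the chroot directory; constructed paths):
#   populate_chroot /storage/chroot /bin/bash && verify_chroot /storage/chroot /bin/bash
```

The verification step matters more than it looks: because ld.so searches the default system directories after --library-path, a forgotten library does not produce "not found" on a running host, it silently resolves to the host copy. Checking that every resolved path starts with the chroot directory catches that; running the same check after the real chroot(2) call, where the host paths no longer exist, is the final confirmation.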
17. Missing devices?
Some applications require basic devices to function:
/dev/zero, /dev/null, /dev/random, /dev/urandom
/dev/ttyX or /dev/pts/X - terminal access
/dev/log - log to syslog (reconfigure the syslog daemon)
Note: Do not use MAKEDEV. It creates too many unnecessary devices. Use mknod instead.
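The slide says to create the few nodes a service needs with mknod rather than with MAKEDEV. The script below is an added example, not part of the slides: it holds a table of just those nodes with their fixed Linux major/minor numbers and creates them under the chroot's /dev, plus the devpts mount that backs /dev/pts/X. DRY_RUN=1 prints the commands instead of running them, so the plan can be reviewed without root. The chroot path /vm1 in the usage comment is the slide's; the function names and the DRY_RUN variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): create only the device nodes a
# chrooted service usually needs, with mknod, instead of running MAKEDEV.
# Major/minor numbers are the fixed Linux assignments for these nodes.

# Table of nodes to create: name type major minor mode
device_table() {
    cat <<'EOF'
null    c 1 3 666
zero    c 1 5 666
random  c 1 8 666
urandom c 1 9 666
tty     c 5 0 666
ptmx    c 5 2 666
EOF
}

# Create the nodes under $1/dev and mount devpts for pseudo-terminals.
# Existing nodes are left alone so the function can be re-run safely.
# With DRY_RUN set, the commands are printed instead of executed.
make_devices() {
    root=$1
    run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }
    run mkdir -p "$root/dev/pts"
    device_table | while read -r name type major minor mode; do
        [ -e "$root/dev/$name" ] && continue
        run mknod -m "$mode" "$root/dev/$name" "$type" "$major" "$minor"
    done
    run mount -t devpts devpts "$root/dev/pts"
}

# Usage (as root, chroot path from the slide):
#   make_devices /vm1
# Review first without root:
#   DRY_RUN=1 make_devices /vm1
```

/dev/log is deliberately absent from the table: it is a Unix socket that the syslog daemon creates, not a node mknod can make. With rsyslog (an assumption about which daemon is in use), the imuxsock module's `$AddUnixListenSocket /vm1/dev/log` directive makes the daemon listen on an additional socket inside the chroot, which is the "reconfigure the syslog daemon" step the slide refers to.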
18. Installing software in the chroot
RPM based distributions
Initialize the RPM DB in the chroot (/vm1):
# mkdir -p /vm1/var/lib/rpm
# rpm --root /vm1 --initdb
Install a single RPM in the chroot (/vm1):
# rpm --root /vm1 -ivh some_package.rpm
Install the RPM package manager into the chroot:
# yum --installroot=/vm1 install rpm
Follow the last step for any other package.