Hi. Thanks for good program.

I'm quite paranoid guy and dont beleave when some program offer me "use
chroot = yes". Instead i jail program manually.
I was at 3.0.9 and all was fine. Manual chroot only requires files dir,
config and personal tmp. 3.1.1 now also want whole /proc only for
/proc/self/fd/X instead just fd number. Whole /proc is  serious security
risk for me. Why?

starce log
lstat64("tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0
fstatat64(AT_FDCWD, "tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096,
...}, AT
fstatat64(AT_FDCWD, "/proc/self/fd/2", 0x5bafe7f0, 0) = -1 ENOENT (No
such file
 or directory)
close(2)                                = 0
getpid()                                = 1395
sendto(0, "<28>Aug  1 00:35:51 rsyncd[1395]"..., 117, 0, NULL, 0) = -1
 (Socket not connected)
connect(0, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 12) = -1 ENOENT
(No such
file or directory)
select(4, [1], [3], [1], {60, 0})       = 1 (out [3], left {59, 999915})
write(3, "V\0\0\10rsync: failed to set permiss"..., 361) = 361

Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to