Hello, On Fri, Oct 02, 2009 at 09:16:38AM +0200, Carl Fredrik Hammar wrote: > On Thu, Oct 01, 2009 at 07:52:57PM +0300, Sergiu Ivanov wrote: > > On Wed, Sep 30, 2009 at 09:45:32PM +0200, Arne Babenhauserheide wrote: > > > > Can I also put it "on /"? > > > That way I could activate it systemwide :) > > > > Yes, this is the long-term goal, though I definitely won't advise you > > trying this out ATM -- one of the most important issues is security, > > about which nsmux does nothing but standard procedures, but it is > > possible that something more is required. > > A secure way to use it on the entire filesystem would be to make use of > settrans -C flag, to start a shell chrooted to nsmux but not actually set > on /. This way only programs started from the shell would be affected. > > That is something like: > > settrans -C bash -- / nsmux ... > > (I didn't test it, it might be the other way around.)
Unfourtunately, I cannot test that with nsmux either, but as far as I can get it from the code of settrans, the command line is exactly what you suggest. Thanks for your suggestion! :-) I've forgotten about chroot capabilities of settrans, which might come in very handy when testing nsmux. Regards, scolobb