Hi,

Romain Beauxis <[EMAIL PROTECTED]> wrote:
> Well, if it's only meant for using the application in your current X server,
> you simply have to bind mount the /tmp directory in the chroot:
> mount -t none -o bind /tmp /path/to/chroot/tmp
>
> I think it's enough to get the chroot to use the X server with UNIX sockets..
>
> Of course if you don't have the same users in the chroot, you may also
> xhost +
> to allow other users..
> Et voila !

Even with the same user, it's not enough. You need to import the
MIT-MAGIC-COOKIES in the chroot if you want to avoid the 'xhost +'
security hole.

The advantage of this solution is that it's probably faster than TCP
connections to localhost. The main disadvantage is that /tmp is no longer
isolated in the chroot. Programs in the chroot are fiddling with your
normal /tmp. To avoid that, it's probably enough to mount --bind only
/tmp/.X11-unix, instead of the whole /tmp. I didn't try it, though.

-- 
Florent
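
The setup discussed in this message, as an added example that is not part of the original post: bind-mount only /tmp/.X11-unix into the chroot and copy the current display's cookie into the chroot user's .Xauthority instead of using 'xhost +'. The function names, the script name and the paths passed in are assumptions.

```shell
#!/bin/sh
# Added example; function names and the paths passed in are assumptions.

# Map a DISPLAY value to its UNIX socket path. Fails for TCP displays
# such as "localhost:10.0", which have no socket under /tmp/.X11-unix.
display_socket() {
    case "$1" in
        :[0-9]*|unix:[0-9]*) ;;
        *) return 1 ;;
    esac
    num=${1#*:}       # drop everything up to the colon
    num=${num%%.*}    # drop the optional screen number
    case "$num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '/tmp/.X11-unix/X%s\n' "$num"
}

# Run as root: expose only the X socket directory, not the whole /tmp.
bind_x11_socket() {
    chroot_dir=$1
    [ -d "$chroot_dir" ] || { echo "no such chroot: $chroot_dir" >&2; return 1; }
    mkdir -p "$chroot_dir/tmp/.X11-unix"
    mount --bind /tmp/.X11-unix "$chroot_dir/tmp/.X11-unix"
}

# Run as the X session's user: copy only the current display's
# MIT-MAGIC-COOKIE into the chroot user's .Xauthority (no 'xhost +').
copy_x_cookie() {
    chroot_dir=$1 home_in_chroot=$2
    sock=$(display_socket "${DISPLAY:-}") || {
        echo "DISPLAY is not a local UNIX-socket display" >&2; return 1; }
    [ -S "$sock" ] || { echo "no X socket at $sock" >&2; return 1; }
    target="$chroot_dir$home_in_chroot/.Xauthority"
    # umask keeps the cookie file readable by its owner only.
    ( umask 077; xauth extract - "$DISPLAY" | xauth -f "$target" merge - )
}

# Example: sh x11-chroot.sh bind /path/to/chroot
#          sh x11-chroot.sh cookie /path/to/chroot /home/user
case "${1:-}" in
    bind)   bind_x11_socket "$2" ;;
    cookie) copy_x_cookie "$2" "$3" ;;
esac
```

Run the bind step as root and the cookie step as the user who owns the X session, so that xauth reads that user's own authority file.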