On Sat, May 31, 2008 at 08:29:53PM -0700, Todd A. Jacobs wrote:
> On Fri, May 30, 2008 at 09:53:30PM -0400, Douglas A. Tutty wrote:
> 
> > [etch-ia32]
> > type=directory
> > description=Debian Etch ia32
> > groups=games
> > run-setup-scripts=true
> > run-exec-scripts=true
> > personality=linux32
> > location=/srv/chroot/etch-ia32
> 
> The problem here (for me) is that you're running the bind scripts, and I
> don't *want* to share home directories with the chroot. I'm sure that's
> part of the problem in my case, but I'm just not sure how to fix it.

There's probably a very elegant way, but the simplest way is to create a
new user, put that new user in a group that is set to allow use of
schroot (in mine, games, but you could create something like
"chrooters").  Sure their home directory will be bind mounted but if you
have permissions set right that user (or any malware running as that
user) won't be able to access other users' home directories.

You'll need most of the bind scripts so that /dev and /proc get mounted
(and others, read the scripts).

Doug.
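
Added example, not part of the original message: a shell check for the "permissions set right" condition in the reply above. It lists home directories that grant any access to "other", which is what a dedicated schroot account could reach once /home is bind-mounted; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit home-directory modes before bind-mounting /home
# into a chroot. Function names and sample data are hypothetical.

# world_accessible_homes BASE
# Prints each directory directly under BASE that has any "other" permission
# bit (r, w or x) set. Returns 0 if none were found, 1 otherwise.
world_accessible_homes() {
    base=$1
    found=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir=${dir%/}
        [ -L "$dir" ] && continue      # ignore symlinked entries
        # -prune stops find from descending; each -perm -N tests one bit
        hit=$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hit" ]; then
            printf '%s\n' "$dir"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree: alice and chrootuser are private (0700),
# bob is readable and searchable by everyone (0755).
make_sample_homes() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/chrootuser"
    chmod 700 "$tmp/alice" "$tmp/chrootuser"
    chmod 755 "$tmp/bob"
    printf '%s\n' "$tmp"
}

# Demo run on the constructed tree; on a real system pass /home instead.
sample=$(make_sample_homes)
world_accessible_homes "$sample" || echo "tighten with: chmod o-rwx <dir>"
rm -rf "$sample"
```

Run `world_accessible_homes /home` on the host; any directory it prints is reachable by the dedicated chroot account through the bind mount.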

