On Jan 25, 2008 1:30 PM, Nick Kew <[EMAIL PROTECTED]> wrote: > > ... > > > A > > compromise might be to create a chroot hook and allow module > > developers to use it. This would shift the support burden somewhat > > from the core Apache team to those willing to engage the users > > providing support. > > Isn't that basically the status quo (mod_security presumably hooks it > in at post_config?)
In ModSecurity I had to use one of the available hooks to execute the chroot call. As Torsten mentions, that might be a much better place to do it. > > Personally, I don't really have a need for the internal chroot feature > > ever since I discovered the makejail utility (part of Debian, and > > maybe other systems), which worked really well for me. On the other > > hand, I am interested in getting Apache to drop certain capabilities > > (where supported) at startup. I plan to look into it eventually. > > Can we expect your contributions to the apache core code in the > not-too-distant? Possibly... Maybe I should aim to start with something simpler; for example, by proposing the suexec chroot patch I have lying around somewhere. > -- > Nick Kew > > Application Development with Apache - the Apache Modules Book > http://www.apachetutor.org/ > -- Ivan Ristic