Hi Dan, How does NM talk to the internet browser? Does it use a socket? If NM uses a socket to communicate with the browser, then I can "mount /socket_dir /choot/socket_dir -o bind" The browser inside the chroot jail will be able to talk to the NM, while NM is running under root outside the jail. What do you think? Is this possible.
Thanks for your help. Hubert. >From: Dan Williams <[EMAIL PROTECTED]> >To: Hubert Havel <[EMAIL PROTECTED]> >CC: [email protected] >Subject: Re: Is it possible to chroot jail NetworkManager? >Date: Wed, 23 Aug 2006 16:50:54 -0400 > >On Wed, 2006-08-23 at 19:43 +0000, Hubert Havel wrote: > > Hello NetworkManger Users: > > > > I am able to get Opera to run in a chroot jail, but unfortunately, I >was > > unable to get > > a jailed WiFI internet program to connect the jailed Opera to the WiFi > > internet card. I tried jailing NetworkManager, but I noticed that > > NetworkManager can only be executed by > > root. It is unsafe to execute any program inside jail with root. > >Unfortunately, you pretty much _need_ root to do much with wireless. >For example, you can't perform wireless scans unless you're root (or >possibly have CAP_NET_ADMIN, not sure). You also can't manipulate the >routing tables or set IP addresses if you're not root (or don't have >CAP_NET_ADMIN). > >Furthermore, you'd need root for wpa_supplicant since it does a ton of >wireless work. And NM needs to be able to access D-Bus too, and the >system bus socket would likely be outside the chroot too. > > > Is there a way to jail NetworkManager securely - preferably, execute > > NetworkManager > > inside jail without root. Perhaps, there is a way, like Apache, after > > initialization, it drops > > the root process? > >Why do you want to do this? > >Dan > > > You help is greatly appreciated. I have been stucked on this for >about 2 > > weeks. > > > > Hubert. > > > > _________________________________________________________________ > > Search from any web page with powerful protection. Get the FREE Windows >Live > > Toolbar Today! http://get.live.com/toolbar/overview > > > > _______________________________________________ > > NetworkManager-list mailing list > > [email protected] > > http://mail.gnome.org/mailman/listinfo/networkmanager-list > _________________________________________________________________ Check the weather nationwide with MSN Search: Try it now! http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
