On Sat, 2006-08-26 at 21:28 +0000, Hubert Havel wrote: > Hi Dan, > > How does NM talk to the internet browser? Does it use a socket? If NM uses a > socket to > communicate with the browser, then I can "mount /socket_dir > /choot/socket_dir -o bind" > The browser inside the chroot jail will be able to talk to the NM, while NM > is running under > root outside the jail. What do you think? Is this possible.
NM doesn't necessarily talk to the browser at all; user applications connect to the message bus daemon, and NetworkManager provides a service residing on the message bus. On Linux the communication happens over unix domain sockets. dan > Thanks for your help. Hubert. > > >From: Dan Williams <[EMAIL PROTECTED]> > >To: Hubert Havel <[EMAIL PROTECTED]> > >CC: [email protected] > >Subject: Re: Is it possible to chroot jail NetworkManager? > >Date: Wed, 23 Aug 2006 16:50:54 -0400 > > > >On Wed, 2006-08-23 at 19:43 +0000, Hubert Havel wrote: > > > Hello NetworkManger Users: > > > > > > I am able to get Opera to run in a chroot jail, but unfortunately, I > >was > > > unable to get > > > a jailed WiFI internet program to connect the jailed Opera to the WiFi > > > internet card. I tried jailing NetworkManager, but I noticed that > > > NetworkManager can only be executed by > > > root. It is unsafe to execute any program inside jail with root. > > > >Unfortunately, you pretty much _need_ root to do much with wireless. > >For example, you can't perform wireless scans unless you're root (or > >possibly have CAP_NET_ADMIN, not sure). You also can't manipulate the > >routing tables or set IP addresses if you're not root (or don't have > >CAP_NET_ADMIN). > > > >Furthermore, you'd need root for wpa_supplicant since it does a ton of > >wireless work. And NM needs to be able to access D-Bus too, and the > >system bus socket would likely be outside the chroot too. > > > > > Is there a way to jail NetworkManager securely - preferably, execute > > > NetworkManager > > > inside jail without root. Perhaps, there is a way, like Apache, after > > > initialization, it drops > > > the root process? > > > >Why do you want to do this? > > > >Dan > > > > > You help is greatly appreciated. I have been stucked on this for > >about 2 > > > weeks. > > > > > > Hubert. > > > > > > _________________________________________________________________ > > > Search from any web page with powerful protection. Get the FREE Windows > >Live > > > Toolbar Today! http://get.live.com/toolbar/overview > > > > > > _______________________________________________ > > > NetworkManager-list mailing list > > > [email protected] > > > http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > _________________________________________________________________ > Check the weather nationwide with MSN Search: Try it now! > http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG > _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
