Wolfgang Draxinger <[EMAIL PROTECTED]> wrote:

> So you need some programs in your chroot: Then put a directory
> usr/bin into the chroot directory and bind the system's /usr/bin
> there:
>
> mount --bind /usr/bin $chroot/usr/bin

That might not be the best idea...  Suddenly the chroot:ed program has
access to the real /usr/bin; and since it likely is running as root
(it was allowed to call chroot()), it can do bad things to the things
in /usr/bin.

Even if the process has relinquished its privileges (which it should!),
you will give it access to unnecessarily many programs, many of which
are setuid or setgid.

It is better to make copies of the needed binaries and libraries, and
*only* them.

> Another option
> would be to place a statically linked busybox and its
> subprogram links into the chroot

Much better than bind-mounting (or loopback-mounting if you are on
SunOS/Solaris instead of Linux).  Of course, assuming that busybox
implements the command the OP needs. :-)

Also remember, a chroot:ing process should permanently relinquish
its privileges as soon as possible after chroot:ing.  There are way
too many fun things a root-running process can do even when chroot:ed,
like creating device files or setuid binaries.

All this is of course assuming that the chroot is done for security
reasons.  There are other reasons one might want to run in chroot.

-- 
Thomas Bellman,   Lysator Computer Club,   Linköping University,  Sweden
"Life IS pain, highness.  Anyone who tells   !  bellman @ lysator.liu.se
 differently is selling something."          !  Make Love -- Nicht Wahr!
-- http://mail.python.org/mailman/listinfo/python-list
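
The two precautions from the reply above, as an added Python example that is not part of the original post: check a chroot tree for setuid/setgid files and device nodes before using it, then chroot and drop privileges permanently. The function names audit_jail and enter_jail are hypothetical, and enter_jail assumes a Unix system and a process that starts as root.

```python
import os
import stat
import sys


def audit_jail(root):
    """Return sorted (relative path, reason) pairs for risky entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            rel = os.path.relpath(path, root)
            if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
                findings.append((rel, "device"))
            elif stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setid"))
    return sorted(findings)


def enter_jail(root, uid, gid):
    """chroot into root, then permanently drop to uid/gid. Must be called as root."""
    if uid == 0 or gid == 0:
        raise ValueError("target uid/gid must be unprivileged")
    os.chroot(root)
    os.chdir("/")       # otherwise the working directory still points outside the jail
    os.setgroups([])    # drop supplementary groups while we are still root
    os.setgid(gid)      # group before user: after setuid() we could no longer change it
    os.setuid(uid)      # called as root, this sets the real, effective and saved uid
    try:
        os.setuid(0)    # verify the drop is permanent: regaining root must fail
    except PermissionError:
        return
    raise RuntimeError("privileges were not dropped permanently")


if __name__ == "__main__" and len(sys.argv) == 4:
    # Usage (as root): script.py JAIL_DIR UID GID
    jail, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    problems = audit_jail(jail)
    if problems:
        sys.exit("refusing to use jail, risky entries: %r" % problems)
    enter_jail(jail, uid, gid)
    print("now uid=%d gid=%d inside the jail" % (os.getuid(), os.getgid()))
```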