> Riley Williams writes ("Re: access to proc filesystem from chrooted process"):
> > Hi Peri.
> >
> > > There is a suggestion in the kernel sources that a chrooted
> > > process should only be able to see processes that have the same
> > > root or that have a more restricted root.
> >
> > Unless I'm misunderstanding this, it appears to be pointless since
> > only processes chroot'd to / or /proc could see the entries in the
> > proc file system anyway, as if they're chroot'd anywhere else, they
> > can't even access /proc ???
>
> If you are setting up a server with a chrooted environment for users,
> it is useful to have /proc mounted inside the chroot so that programs
> like top and ps can work, so yes, users can get at /proc.
In 2.0.x it was possible to go upper than chrooted directory doing 'cd
/proc/1/root' for example. Seems it is fixed in 2.2.x (I tried it with
2.2.9), so this isn't so big problem any more. There are no other way to
exit from chrooted directory.
It isn't hard to show only processes with the same root directory but if
You would see processes chrooted to some subdirectory, it isn't so simple
any more (it needs libc getcwd() like function). But of course You
want it because this is the only way to see chrooted processes outside
chrooted area.
--- Cougar
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/