Grsec Chroot restrictions, ACL, and vserver


Post by ronaldjeremy » Tue Sep 04, 2007 11:10 am

The grsec Chroot jail restrictions are great and I use them on every machine I have.

Recently I have been wanting to make better use of my hardware so I compiled the vserver+grsec kernel to get vserver up and running.

The problem I am running into is that each vserver is essentially itself a chroot, and will in turn have its own set of chrooted services. Since a vserver is essentially a chroot, I can't use many of the all-important restrictions like "Deny (f)chmod +s", "Deny mounts", and "Deny double-chroots" on a vserver guest's chrooted services, while still allowing the vserver to function as normal.

I am wondering if the ACL features will give me the granularity needed so that I can disable the chroot restrictions by default, and then enable the grsec Chroot restrictions on specific subdirectories located in a vserver?

Any ideas on how to use vserver and all of the Chroot restrictions at the same time would be greatly appreciated, thanks!
ronaldjeremy
 
Posts: 3
Joined: Tue Sep 04, 2007 10:39 am

Re: Grsec Chroot restrictions, ACL, and vserver

Post by ronaldjeremy » Thu Sep 06, 2007 2:34 pm

Anyone?

I guess really you can take vserver out of the question; what I am really wanting to know is, can ACL be used to apply all of the chroot restrictions just on a specific directory (and all of its subdirectories)?

Re: Grsec Chroot restrictions, ACL, and vserver

Post by ronaldjeremy » Mon Oct 15, 2007 10:27 pm

A simple yes or no would suffice. Is this possible? Thanks.

