|
From: | Olivier Sessink |
Subject: | Re: [Jailkit-users] Installing all files from an rpm (or rpm -q --filesbypkg ???) |
Date: | Wed, 01 Aug 2007 23:36:08 +0200 |
User-agent: | Icedove 1.5.0.12 (X11/20070607) |
Anton Melser wrote:
Hi (first post!), I have just found the wonderful jailkit. I spent ages looking for a tool like this, and then came back with the right google keywords and paff! Jailkit! Hurrah! Anyway, is there any way to get all the files installed by an rpm? I know this is pretty complicated, and in a way would mean providing an advanced interface to rpm (or apt, or whatever...) but I need to install apache + mod_php + the mysql client (for mysqlphp) into a chroot, and am finding it a little hard... Does anyone have any pointers on how I might be able to do this?
I don't really understand your question. do you want a jailkit rpm, or you want to install a chroot using rpm's? in the latter case, the 'debootstrap' utility in Debian can create a chroot environment using .deb packages. However, the chroot jail is fully equivalent to a real system, so there is no security gain there.
I would look at the code but alas, python is not one of my languages and it is a little daunting. My idea was to run two apaches (or maybe a squid and an apache) and have the chrooted apache run on a non-privileged port (redirected from normal apache or squid on port 80 for virtual host X), as the chroot user needs to be able to have full control over apache.
perhaps look into mod_chroot for apache. only the master process runs as root on the normal system and listens on port 80, all children run in a chroot.
you can run mysql in the same chroot jail. if you run mysql in a different chroot jail you need to mount the directory where the mysql socket is als in the apache chroot jail (using a 'bind' mount).
regards, Olivier
[Prev in Thread] | Current Thread | [Next in Thread] |