On Mon, Jun 23, 2003 at 02:49:27PM -0400, David Coulson wrote:
> Matt Zimmerman wrote:
> >It might be nice if UML could do the chroot/setuid itself if started as
> >root, after opening its files. This way, ubd devices and such could be
> >kept outside the chroot.
> But then the UML would have to be executed initially as root, plus it
> would have to open all the files as root if it was to do so prior to
> chrooting itself.
I imagine it would require reorganizing some code to take care of privileged
operations outside of the chroot as early as possible (to drop privileges as
early as possible), but it certainly would not need to open all the files as
# linux chuid=someuser chroot=/some/path ubd0=...
> The filemap patch makes more sense, since you can feed it file
> descriptors, rather than actual files.
This would require a wrapper to open the files ahead of time, which means
that it either duplicates UML's code for interpreting its command line
arguments, or the configuration is duplicated in two places. This is
certainly easier to implement, but less convenient to use.