Menu
▾
▴
Re: [uml-devel] Bug report
|
From: Matt Z. <md...@de...> - 2003-06-23 19:00:47
|
On Mon, Jun 23, 2003 at 02:49:27PM -0400, David Coulson wrote: > Matt Zimmerman wrote: > >It might be nice if UML could do the chroot/setuid itself if started as > >root, after opening its files. This way, ubd devices and such could be > >kept outside the chroot. > > But then the UML would have to be executed initially as root, plus it > would have to open all the files as root if it was to do so prior to > chrooting itself. I imagine it would require reorganizing some code to take care of privileged operations outside of the chroot as early as possible (to drop privileges as early as possible), but it certainly would not need to open all the files as root. # linux chuid=someuser chroot=/some/path ubd0=... seteuid(someuser) ...open files... seteuid(root) chroot(/some/path) setuid(someuser) > The filemap patch makes more sense, since you can feed it file > descriptors, rather than actual files. This would require a wrapper to open the files ahead of time, which means that it either duplicates UML's code for interpreting its command line arguments, or the configuration is duplicated in two places. This is certainly easier to implement, but less convenient to use. -- - mdz |
