Date: Mon, 19 May 1997 19:06:58 +0200 (MET DST) From: Eivind Eklund <perhaps@yes.no> To: Andrew Edmond <edmond@shaman.lycaeum.org> Cc: questions@FreeBSD.ORG Subject: Re: chroot'ed Virtual Machine on FreeBSD? Message-ID: <199705191706.TAA13353@bitbox.follo.net> In-Reply-To: Andrew Edmond's message of Mon, 19 May 1997 00:56:35 -0600 (Mountain Daylight Time) References: <Pine.WNT.3.96.970519005307.-3831461M-100000@apocalypse>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > I'm helping a friend set-up a webhosting service using FreeBSD, and I know > it's somehow possible to make "virtual" machines, meaning the paying > customer would telnet to "theirdomain.com" and be presented with what > appears to be their own FreeBSD machine, with the full file hierarchy and > root access, but in reality this would only be a chrooted shell. Does > anybody know how to accomplish this.... ? If they have root access, you have a problem. There are a lot of services outside the file system (the network interfaces, direct disk access through devices), and chroot on FreeBSD isn't safe from root - a chroot can be broken (or could, at least. We might have fixed that now.) Basically, though, you can't provide a shell that is completely safe from root. chroot() is only a convenience to protect parts of the file system from other users. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705191706.TAA13353>