chroot

org.gnome.SessionManager in Ubuntu 12.04 chroot

℡╲_俬逩灬. submitted on 2019-12-11 03:26:05
Question: I'm trying to test totem in a minimal chroot (host and chroot both ubuntu 12.04 amd64). When I load a video, I get the error ** (totem:25660): WARNING **: Problem inhibiting the screensaver: GDBus.Error: org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.gnome.SessionManager" does not exist Indeed, the screen will turn off (session idle) while watching a video. To confirm, I tested with python: >>> import dbus >>> bus = dbus.SessionBus() >>> bus.get_object('org.gnome.SessionManager','/org

bypass dev/urandom|random for testing

偶尔善良 submitted on 2019-12-10 13:53:56
Question: I want to write a functional test case that tests a program with a known value for random numbers. I have already tested it with mocks during the unit testing. But I would like that for functional testing as well (not all of them, of course :) What is the easiest way to have /dev/urandom overridden for just one process? Is there a way to do something like a chroot for a single file and let all the others 'pass through'? Answer 1: If your system is new enough (e.g. RHEL 7) and supports setns

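Using SFTP on CentOS to automatically generate FTP accounts for websites, with chroot

五迷三道 submitted on 2019-12-07 20:23:20
Background: I have a system like this: the back end can create a new project (website) directly; you only enter the project name, the access domain (second-level) and some other extra information, and a template website is generated automatically. Roughly, it works like this: when this information is submitted, the back end creates a new directory for the project and copies some required files into it, and then a second-level domain mapping file provides access via the second-level domain. Access via a first-level domain is also possible, of course, provided the ICP filing has been completed. Previously, every project was managed through one shared sftp account. As the number of projects grew, finding the right directory became difficult, so now we want a corresponding sftp account to be generated automatically when a project is created, giving one-to-one management. Process: vsftpd was the first choice, and I tried implementing it that way. Because of the internal server architecture, the IP address is a limitation and vsftpd could not be reached; the people I asked gave the same answer, so I gave up on it. After some research, I found that sftp was the only remaining path, so I familiarised myself with it, practised, and finally met my manager's requirement. Since no other third-party software needs to be installed, only CentOS system accounts and some directory permission settings, the whole implementation is not too complicated, but the permissions are by no means easy to get right; there are some rules that must not be violated, or it fails. Suppose the directory structure is: /var/www/site1 /var/www/site2 The corresponding system accounts are site1 and site2, with passwords set using passwd, and the home directories of site1 and site2 are /var/www/site1 and /var/www/site2 respectively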

Can I restrict access to certain files for a certain process?

为君一笑 submitted on 2019-12-07 01:47:14
Question: Is it possible to start a process in Linux, and restrict its access to certain files/directories? For example: $ start-process --enable-dir=./sandbox --exec="some-script.sh" some-script.sh won't be able to do anything outside of ./sandbox . Answer 1: You can use chroot to set the root directory of your process tree. This means however, that all dependencies of that process must be available in its new root. There are a number of packages that can help you set up chroot-environments for your needs.

openssl inside a chroot

痴心易碎 submitted on 2019-12-06 06:54:08
Question: I'm getting the following error when I try to make an ssl connection from inside a chroot jail: twisted.internet.error.ConnectionLost: Connection to the other side was lost in a non-clean fashion. I'm using the openssl 0.9.6 with pyopenssl to make the ssl connection and I'm using the twisted python library for python 2.4 on Linux (centos 5.5). After some troubleshooting I've discovered that openssl is failing because it is trying to read the /dev/random file and it is failing because there is

Python: Securing untrusted scripts/subprocess with chroot and chjail?

一世执手 submitted on 2019-12-05 17:20:05
Question: I'm writing a web server based on Python which should be able to execute "plugins" so that functionality can be easily extended. For this I considered the approach to have a number of folders (one for each plugin) and a number of shell/python scripts in there named after predefined names for different events that can occur. One example is to have an on_pdf_uploaded.py file which is executed when a PDF is uploaded to the server. To do this I would use Python's subprocess tools. For convenience

Can I restrict access to certain files for a certain process?

心不动则不痛 submitted on 2019-12-05 05:39:13
Is it possible to start a process in Linux, and restrict its access to certain files/directories? For example: $ start-process --enable-dir=./sandbox --exec="some-script.sh" some-script.sh won't be able to do anything outside of ./sandbox . You can use chroot to set the root directory of your process tree. This means however, that all dependencies of that process must be available in its new root. There are a number of packages that can help you set up chroot-environments for your needs. Google is your friend ;) Some pointers on building a chroot environment When building a chroot for some

Shared library in containers

时间秒杀一切 submitted on 2019-12-04 15:44:10
Question: For two processes A and B, they both use the library libc.so, libc.so is loaded into memory only once. This is a normal situation when A and B both run on the same host and the same rootfs. When it comes to containers, if A and B are running in different containers, are A and B sharing the same memory area? For example imageA --libc.so --programA imageB --libc.so --programB we use chroot to run A and B in different rootfs. The two libc.so are the same. Will libc.so be loaded into memory twice? Answer 1:

openssl inside a chroot

烈酒焚心 submitted on 2019-12-04 14:48:20
I'm getting the following error when I try to make an ssl connection from inside a chroot jail: twisted.internet.error.ConnectionLost: Connection to the other side was lost in a non-clean fashion. I'm using the openssl 0.9.6 with pyopenssl to make the ssl connection and I'm using the twisted python library for python 2.4 on Linux (centos 5.5). After some troubleshooting I've discovered that openssl is failing because it is trying to read the /dev/random file and it is failing because there is no /dev/random inside the chroot. I've confirmed that if I create a /dev/random file inside the chroot

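Harden your Tomcat: run Tomcat in a chroot environment

血红的双手。 submitted on 2019-12-04 03:39:26
As is well known, chroot is a security mechanism of Linux systems. chroot is a system call of the Linux kernel; with it you can set the runtime environment of an application so that it runs within a specific directory. That way, even if the application has a security vulnerability and is compromised, the intruder is confined to a specific directory, which limits the extent of the damage the intruder can do and hardens the system's security. Using Tomcat as an example, this article records in detail the configuration process for running Tomcat in a chroot, as well as the errors encountered during configuration and how to troubleshoot them. Environment and tools: 64-bit CentOS 6.4; JDK: jdk-7u45-linux-x64.tar.gz; apache-tomcat-6.0.41.tar.gz I. Configure the Java chroot environment 1. First configure the JDK; this setup uses jdk-7u45-linux-x64.tar.gz tar zxvf jdk-7u45-linux-x64.tar.gz mkdir /usr/java cp -a jdk1.7.0_45 /usr/java/ [root@2core local]# /usr/java/jdk1.7.0_45/bin/java -version java version "1.7.0_45" Java(TM) SE Runtime Environment (build 1.7.0_45-b18) Java HotSpot(TM) 64-Bit Server VM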