chroot

I'm writing a web server based on Python which should be able to execute "plugins" so that functionality can be easily extended. For this I considered the approach to have a number of folders (one for each plugin) and a number of shell/python scripts in there named after predefined names for different events that can occur. One example is to have an on_pdf_uploaded.py file which is executed when a PDF is uploaded to the server. To do this I would use Python's subprocess tools. For convenience and security, this would allow me to use Unix environment variables to provide further information and

For two processes A and B, the both use the library libc.so, libc.so is loaded into memory only once. This is a normal situation when A and B both run on the same host and the same rootfs. When it comes to container, if A and B are running in different containers, are A and B sharing same memory area? for example imageA --libc.so --programA imageB --libc.so --programB we use chroot to run A and B in different rootfs. The two libc.so are same. Will libc.so be loaded into memory twice? Actually, processes A & B that use a shared library libc.so can share the same memory. Somewhat un-intuitively

Here's my problem: I want to build a chroot environment inside a docker container. The problem is that debootstrap cannot run, because it cannot mount proc in the chroot: W: Failure trying to run: chroot /var/chroot mount -t proc proc /proc (in the log the problem turns out to be: mount: permission denied ) If I run --privileged the container, it (of course) works... I'd really really really like to debootstrap the chroot in the Dockerfile (much much cleaner). Is there a way I can get it to work? Thanks a lot! No, this is not currently possible. Issue #1916 (which concerns running privileged

Here's the scenario I'm having: I've created a debootstrap ubuntu maverick (64-bit) environment. I placed it at /env/mav/ on my ubuntu (64-bit) lucid system. I can chroot into /env/mav and can utilize a maverick system perfectly. I can even use the lucid programs fine outside the chrooted environment. That is /env/mav/bin/ls will run. However, I noticed that if I modify LD_LIBRARY_PATH to be /env/mav/lib [1] [2] every single program (both lucid and maverick) I run will crash instantly. (e.g. ls results in a segfault). kern.log shows: segfault at 7fece284aa18 ip 00007fece284aa18 sp

I'm setting up a minimal chroot and want to avoid having sudo or su in it but still run my processes as non-root. This is a bit of a trick as running chroot requiers root. I could write a program that does this that would look something like: uid = LookupUser(args[username]) // no /etc/passwd in jail chroot(args[newroot]) cd("/") setuids(uid) execve(args[exe:]) Is that my best bet or is there a standard tool that does that for me? I rolled my own here : kamae If you invoke chroot from root, the chroot option --userspec=USER:GROUP will run the command under the non-root UID/GID. By the way, the