Summary:

  Initial import
Revision:
  schroot--mainline--0.1.0--base-0

Initial import into GNU Arch.

1 files changed, 106 insertions, 0 deletions

diff --git a/README b/README
new file mode 100644
index 00000000..f7901bce
--- /dev/null
+++ b/README
@@ -0,0 +1,106 @@
+schroot
+-------
+
+Securely enter a chroot and run a command or login shell.
+
+Build Dependencies
+------------------
+libpam0g-dev
+libglib2.0-dev
+
+Building
+--------
+
+"make".  There is not currently any autoconf/make setup, so a simple
+Makefile is used.
+
+Installation
+------------
+
+There is no installation; it only runs in the build directory.
+
+schroot must be owned by root:root and be setuid in order to chroot()
+and use PAM for authentication and authorisation.
+
+test.conf must be owned by root:root and NOT be writable by other.
+
+Configuration
+-------------
+
+Edit test.conf to point to some chroots, and then try it out.
+
+The file format is as follows.  The format is documented in the GLib
+GKeyFile class.  Chroots start with a single line containing the chroot name:
+
+[unstable]
+
+followed by key-value pairs setting properties for the chroot:
+
+description=Debian unstable
+
+A text description of the chroot.
+
+location=/srv/chroot/sid
+
+The directory the chroot lives in.
+
+groups=sbuild
+
+A comma-separated list of users who are allowed to use the chroot
+(currently users not in the list are prompted for a password, but this
+will be tightened up).
+
+root-groups=root
+
+A comma-separated list of groups allowed unauthenticated root access
+in the chroot.
+
+aliases=sid,default
+
+Alternate names for the chroot.  They are interchangable with the main
+name.
+
+
+Running
+-------
+
+$ ./schroot -l
+default
+etch
+sid
+testing
+unstable
+
+$ ./schroot -i -c sid
+Name: sid
+Description: Debian unstable
+Location: /srv/chroot/sid
+Groups: sbuild
+Root Groups: root
+Aliases: unstable default
+
+(use --all or -c multiple times to use multiple chroots)
+
+$ ./schroot -c sid /bin/ls
+** (schroot:13021): DEBUG: session uid = 1000, gid = 1000
+
+PAM authentication succeeded for user rleigh
+Running session in sid chroot:
+** (schroot:13022): DEBUG: Running command: /bin/ls
+#README#         sbuild-chroot.h  sbuild-config.h   sbuild-session.h  schroot.c
+Makefile         sbuild-chroot.o  sbuild-config.o   sbuild-session.o  schroot.o
+sbuild-chroot.c  sbuild-config.c  sbuild-session.c  schroot           test.conf
+
+$ ./schroot -c sid -u root
+** (schroot:13031): DEBUG: session uid = 1000, gid = 1000
+
+** (schroot:13031): DEBUG: session uid = 0, gid = 0
+
+Password:
+PAM authentication succeeded for user root
+Running session in sid chroot:
+** (schroot:13032): DEBUG: Running login shell: /bin/bash
+
+(if I was in root-groups in test.conf, I would be granted root access
+without authentication, but the PAM authorisation step is still
+applied; see sbuild_session_run() in sbuild-session.c).