Diffstat (limited to 'README')
-rw-r--r-- | README | 106 |
1 files changed, 106 insertions, 0 deletions
@@ -0,0 +1,106 @@ +schroot +------- + +Securely enter a chroot and run a command or login shell. + +Build Dependencies +------------------ +libpam0g-dev +libglib2.0-dev + +Building +-------- + +"make". There is not currently any autoconf/make setup, so a simple +Makefile is used. + +Installation +------------ + +There is no installation; it only runs in the build directory. + +schroot must be owned by root:root and be setuid in order to chroot() +and use PAM for authentication and authorisation. + +test.conf must be owned by root:root and NOT be writable by other. + +Configuration +------------- + +Edit test.conf to point to some chroots, and then try it out. + +The file format is as follows. The format is documented in the GLib +GKeyFile class. Chroots start with a single line containing the chroot name: + +[unstable] + +followed by key-value pairs setting properties for the chroot: + +description=Debian unstable + +A text description of the chroot. + +location=/srv/chroot/sid + +The directory the chroot lives in. + +groups=sbuild + +A comma-separated list of users who are allowed to use the chroot +(currently users not in the list are prompted for a password, but this +will be tightened up). + +root-groups=root + +A comma-separated list of groups allowed unauthenticated root access +in the chroot. + +aliases=sid,default + +Alternate names for the chroot. They are interchangable with the main +name. 
+ + +Running +------- + +$ ./schroot -l +default +etch +sid +testing +unstable + +$ ./schroot -i -c sid +Name: sid +Description: Debian unstable +Location: /srv/chroot/sid +Groups: sbuild +Root Groups: root +Aliases: unstable default + +(use --all or -c multiple times to use multiple chroots) + +$ ./schroot -c sid /bin/ls +** (schroot:13021): DEBUG: session uid = 1000, gid = 1000 + +PAM authentication succeeded for user rleigh +Running session in sid chroot: +** (schroot:13022): DEBUG: Running command: /bin/ls +#README# sbuild-chroot.h sbuild-config.h sbuild-session.h schroot.c +Makefile sbuild-chroot.o sbuild-config.o sbuild-session.o schroot.o +sbuild-chroot.c sbuild-config.c sbuild-session.c schroot test.conf + +$ ./schroot -c sid -u root +** (schroot:13031): DEBUG: session uid = 1000, gid = 1000 + +** (schroot:13031): DEBUG: session uid = 0, gid = 0 + +Password: +PAM authentication succeeded for user root +Running session in sid chroot: +** (schroot:13032): DEBUG: Running login shell: /bin/bash + +(if I was in root-groups in test.conf, I would be granted root access +without authentication, but the PAM authorisation step is still +applied; see sbuild_session_run() in sbuild-session.c). |
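Review bot: In the Configuration section, the text under "groups=sbuild" describes the value as "A comma-separated list of users", while the key name and the "root-groups" entry just below it both refer to groups; change "users" to "groups" so readers do not put user names in an access-control key. The same paragraph says users not in the list are only prompted for a password, so it is worth stating plainly that "groups" does not yet restrict who may use the chroot. The sample configuration defines [unstable] with aliases=sid,default, but the "./schroot -i -c sid" output in the Running section shows "Name: sid" with "Aliases: unstable default"; make the two agree or say that they come from different test.conf contents. Minor: "interchangable" under "aliases" should be "interchangeable".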