From owner-freebsd-questions Mon May 19 10:08:20 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id KAA04084 for questions-outgoing; Mon, 19 May 1997 10:08:20 -0700 (PDT)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA04072 for ; Mon, 19 May 1997 10:08:15 -0700 (PDT)
Received: (from eivind@localhost) by bitbox.follo.net (8.7.6/8.7.3) id TAA13353; Mon, 19 May 1997 19:06:58 +0200 (MET DST)
Date: Mon, 19 May 1997 19:06:58 +0200 (MET DST)
Message-Id: <199705191706.TAA13353@bitbox.follo.net>
From: Eivind Eklund
To: Andrew Edmond
CC: questions@FreeBSD.ORG
In-reply-to: Andrew Edmond's message of Mon, 19 May 1997 00:56:35 -0600 (Mountain Daylight Time)
Subject: Re: chroot'ed Virtual Machine on FreeBSD?
References:
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I'm helping a friend set up a webhosting service using FreeBSD, and I know
> it's somehow possible to make "virtual" machines, meaning the paying
> customer would telnet to "theirdomain.com" and be presented with what
> appears to be their own FreeBSD machine, with the full file hierarchy and
> root access, but in reality this would only be a chrooted shell. Does
> anybody know how to accomplish this...?

If they have root access, you have a problem. There are a lot of
services outside the file system (the network interfaces, direct disk
access through devices), and chroot on FreeBSD isn't safe from root - a
chroot can be broken (or could, at least. We might have fixed that
now.)

Basically, though, you can't provide a shell that is completely safe
from root. chroot() is only a convenience to protect parts of the file
system from other users.

Eivind.
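
Added example, not part of the original message or of FreeBSD: a Python audit of a directory tree intended as a chroot for non-root users. It lists the device nodes inside it (the "direct disk access through devices" the reply mentions) and setuid/setgid executables (a path to root, which the reply says a chroot does not contain). The function names and report format are this example's own.

```python
import os
import stat
import sys


def classify(mode):
    """Return the reasons a file with this st_mode weakens a chroot tree."""
    reasons = []
    if stat.S_ISBLK(mode):
        reasons.append("block device")
    elif stat.S_ISCHR(mode):
        reasons.append("character device")
    # Setuid/setgid only matters on regular files that someone can execute.
    if stat.S_ISREG(mode) and mode & 0o111:
        if mode & stat.S_ISUID:
            reasons.append("setuid executable")
        if mode & stat.S_ISGID:
            reasons.append("setgid executable")
    return reasons


def audit_tree(root):
    """Walk root without following symlinks; return sorted (relpath, reason, uid)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            except OSError:
                continue  # entry vanished or cannot be examined; skip it
            for reason in classify(st.st_mode):
                findings.append((os.path.relpath(path, root), reason, st.st_uid))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_chroot.py <chroot-directory>
    if len(sys.argv) != 2:
        sys.exit("usage: audit_chroot.py <chroot-directory>")
    hits = audit_tree(sys.argv[1])
    for relpath, reason, uid in hits:
        print(f"{reason:20} owner uid={uid:<6} {relpath}")
    sys.exit(1 if hits else 0)
```

Every hit is something to review rather than an automatic fault: a tree may legitimately need a character device such as a null device, while a disk device or a setuid executable owned by uid 0 removes the protection for the non-root users the chroot was meant to confine.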