Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Feb 2006 13:15:44 -0800
From:      Doug Barton <dougb@FreeBSD.org>
To:        Harti Brandt <harti@freebsd.org>
Cc:        freebsd-net@FreeBSD.org, Anders Nordby <anders@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>, kuriyama@FreeBSD.org, demon@FreeBSD.org
Subject:   Re: bsnmpd
Message-ID:  <43F24880.3040208@FreeBSD.org>
In-Reply-To: <20060214154833.I5083@beagle.kn.op.dlr.de>
References:  <20060206092443.GA61116@totem.fix.no>	<20060207141131.GU877@FreeBSD.org>	<20060213173008.GA14643@totem.fix.no>	<20060214090531.X5083@beagle.kn.op.dlr.de>	<20060214083010.GB41864@totem.fix.no>	<20060214093513.F5083@beagle.kn.op.dlr.de>	<20060214084459.GL86448@cell.sick.ru>	<20060214103723.GA45138@totem.fix.no>	<20060214103901.GB68308@cell.sick.ru>	<20060214105821.GA47035@totem.fix.no> <20060214154833.I5083@beagle.kn.op.dlr.de>

next in thread | previous in thread | raw e-mail | index | archive | help
Harti Brandt wrote:
> On Tue, 14 Feb 2006, Anders Nordby wrote:

> AN>- Ability to chroot itself (yes please, for security).
> 
> I don't have enough rc-foo for this. Perhaps someone can jump in here?

This actually isn't all that hard. Basically you set $name_chroot to the
directory it should chroot too. It's also a good idea to include that
directory in required_dirs. If the bsnmpd binary has it's own chroot command
line option, take a look at how rc.d/named does it in HEAD. Otherwise, there
are notes in /etc/rc.subr and, the freebsd-rc@ list stands ready to help. :)

Doug

-- 

    This .signature sanitized for your protection




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43F24880.3040208>