Date:      Fri, 1 Aug 2025 16:17:45 +0200
From:      Tomek CEDRO <tomek@cedro.info>
To:        Jason Bacon <bacon4000@gmail.com>
Cc:        freebsd-hackers <hackers@freebsd.org>
Subject:   Re: Non-root chroot
Message-ID:  <CAFYkXjk0tmuvayL=5QszqyHCKOHO94aTf7nHLf0afVT7TQambA@mail.gmail.com>
In-Reply-To: <aa1950e6-46d0-44ed-8487-df45bad8b3c8@gmail.com>
References:  <aa1950e6-46d0-44ed-8487-df45bad8b3c8@gmail.com>

There is a sysctl to enable user-level chroot if you know what you are
doing that works for me (i.e. launch tmux + compiler within custom Debian
linuxlator instance or launch 3D slicer Linux binary), you can find this
with `sysctl -a | grep chroot` (not at the comp right now, sorry). You will
also probably need to enable an additional sysctl for network access (it's
chroot but jails mechanism) when needed (and local firewall when
applicable).

This is a good option if you yourself want to test by hand something you
know, but it's not secure. Jails will give you better security (i.e.
processing external data, exposing interfaces, etc).

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
