Date: Sun, 23 Aug 2015 10:02:45 +0200 From: Johan Hendriks <joh.hendriks@gmail.com> To: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: SSH Chroot FreeBSD 10.1 and 10.2 Message-ID: <CAOaKuAXBfMw-=e_euSTzHDgF8CP2RLuO54MrWYxR9xy%2Be3w7QQ@mail.gmail.com> In-Reply-To: <55D899C4.30406@codelibre.net> References: <55D879DA.1070407@gmail.com> <CAKFCL4V=bUiHo4Mtjw67sYRddC6fbodS3koYg5qZkExr6BueRw@mail.gmail.com> <F77B357B-3DD3-40AC-A16F-027FAC9CA136@ultra-secure.de> <CAKFCL4UYcJYmXLLKxatnRAEQftJ_2bgAbgMdfKiGm-0o6JSGjA@mail.gmail.com> <55D899C4.30406@codelibre.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Op zaterdag 22 augustus 2015 heeft Roger Leigh <rleigh@codelibre.net> het volgende geschreven: > On 22/08/2015 15:01, Brandon Allbery wrote: > >> On Sat, Aug 22, 2015 at 10:54 AM, Rainer Duffner <rainer@ultra-secure.de= > >> wrote: >> >> I found it=E2=80=99s much easier to have actual chroot=E2=80=99ed ssh us= ers once the users >>> themselves are in an LDAP-directory. >>> Also, for doing anything useful on that shell, it turned out you need a >>> some more devices in /dev than the usual chroot (like a chroot=E2=80=99= ed >>> PHP-FPM, >>> that just needs the dev-set of jail(4)). >>> And a couple of symlinks. >>> >>> >> Yep; chroots are always a pain to deal with. I have seen utilities to >> manage them, but only for Linux. >> > > For your information, I'm in the process of porting my schroot chroot > management tool to FreeBSD. > > https://github.com/codelibre-net/schroot > > This was traditionally a Linux (Debian) chroot tool for building source > packages, but it's worked on Debian GNU/kFreeBSD for a good while so it > already supported nullfs filesystem mounts e.g. of home directories and > devices, and now the work to build it on FreeBSD proper is done--I was > blocked on toolchain/linker bugs for the last 18 months until 10.2 came o= ut > (C++11 nullptr_t was broken) > > The master branch is current development work, and I got it all building > on FreeBSD 10.2-RELEASE just yesterday. It's not yet actually *tested* o= n > FreeBSD other than the unit tests pass. So it might not be > production-ready right now, but it should be fairly soon. Now it's > building, I'll also look at adding some FreeBSD-specific features to it a= s > well, like ZFS snapshots, jail support, etc. > > While the compiled binaries should be fine, there may be residual > Debianisms/GNU libc-isms in the setup scripts. They are likely trivial to > fix though. > > If anyone wants to give it a try and provide some feedback, or if you hav= e > any suggestions or feature requests, please just let me know either by ma= il > or at https://github.com/codelibre-net/schroot/issues > Instructions for building on FreeBSD are in the README > https://github.com/codelibre-net/schroot/blob/master/README.md > > > > Kind regards, > Roger > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" Thank you all for your time and contribution. I will look at the suggestions given here in the coming days. Regards Johan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOaKuAXBfMw-=e_euSTzHDgF8CP2RLuO54MrWYxR9xy%2Be3w7QQ>