[buildd-tools-devel] Bug#637870: Provide more isolation than just chroot
Vincent Bernat
bernat at debian.org
Mon Aug 15 10:46:31 UTC 2011
Package: schroot
Version: 1.4.23-1
Severity: wishlist
Hi!
Recent Linux kernels allow more advanced isolation than just
chrooting. From clone(2) manpage, those possibilities exist:
- CLONE_NEWPID: new PID namespace, including the fact that when the
initial process dies (in case of schroot, this could be the shell),
all other processes die as well. This would be a very cool
feature when starting daemons in the chroot.
- CLONE_NEWNS: mentioned in bug #488225.
- CLONE_NEWIPC: new IPC namespace, with complete destruction on exit
- CLONE_NEWNET: new network namespace, maybe could be done later
since it needs to be configured properly to be useful.
- CLONE_NEWUTS: not sure when it is useful
CLONE_NEWPID + CLONE_NEWNS + CLONE_NEWIPC would be great!
I am unsure if this can be done in setup scripts but I will look at
it. Maybe with a helper?
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages schroot depends on:
ii libboost-filesystem1.46.1 1.46.1-6 filesystem operations (portable pa
ii libboost-program-options1.4 1.46.1-6 program options library for C++
ii libboost-regex1.46.1 1.46.1-6 regular expression library for C++
ii libboost-system1.46.1 1.46.1-6 Operating system (e.g. diagnostics
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.6.1-6 GCC support library
ii liblockdev1 1.0.3-1.4+b1 Run-time shared library for lockin
ii libpam0g 1.1.3-2 Pluggable Authentication Modules l
ii libstdc++6 4.6.1-6 GNU Standard C++ Library v3
ii libuuid1 2.19.1-5 Universally Unique ID library
ii schroot-common 1.4.23-1 common files for schroot
schroot recommends no packages.
Versions of packages schroot suggests:
pn aufs-modules | unionfs-modul <none> (no description available)
pn btrfs-tools <none> (no description available)
ii debootstrap 1.0.35 Bootstrap a basic Debian system
ii lvm2 2.02.84-3.1 The Linux Logical Volume Manager
ii unzip 6.0-5 De-archiver for .zip files
-- Configuration Files:
/etc/schroot/schroot.conf changed [not included]
-- no debconf information
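The PID-namespace behaviour the report asks for (once the namespace's initial process dies, everything else inside it is killed) as an added C example; this is not code from the report or from schroot, the names ns_init and check_pidns_teardown are mine, and the clone() call needs CAP_SYS_ADMIN, so the function returns -EPERM when run unprivileged.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <sched.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#define STACK_SIZE (256 * 1024)

/* Init of the new namespace (sees itself as PID 1): forks a grandchild that
 * keeps the pipe's write end open and sleeps forever, then exits. */
static int ns_init(void *arg) {
    int wfd = *(int *)arg;
    if (getpid() != 1) return 2;          /* not in a fresh PID namespace */
    pid_t gc = fork();
    if (gc < 0) return 3;
    if (gc == 0) { for (;;) pause(); }    /* grandchild: only holder of wfd */
    close(wfd);
    return 0;                             /* init exits -> kernel kills gc */
}

/* Spawns ns_init in new PID, mount and IPC namespaces (needs CAP_SYS_ADMIN)
 * and checks that the grandchild is gone once init has exited: the pipe
 * reports EOF only after every writer (just the grandchild) has died.
 * Returns 0 on success, 1..4 if a check failed, or -errno if clone() itself
 * failed (-EPERM when unprivileged, -EINVAL if the kernel lacks support). */
int check_pidns_teardown(void) {
    int pfd[2];
    if (pipe(pfd) != 0) return -errno;
    char *stack = malloc(STACK_SIZE);
    if (!stack) { close(pfd[0]); close(pfd[1]); return -ENOMEM; }
    int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD;
    pid_t pid = clone(ns_init, stack + STACK_SIZE, flags, &pfd[1]);
    int err = errno;
    close(pfd[1]);                        /* parent never writes */
    if (pid < 0) { free(stack); close(pfd[0]); return -err; }
    int status = 0, rc = 4;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    free(stack);
    if (rc == 0) {
        /* If the grandchild outlived init, no EOF arrives and poll times out. */
        struct pollfd p = { .fd = pfd[0], .events = POLLIN };
        char c;
        if (poll(&p, 1, 5000) != 1 || read(pfd[0], &c, 1) != 0) rc = 1;
    }
    close(pfd[0]);
    return rc;
}
```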