SSH Chroot FreeBSD 10.1 and 10.2

Johan Hendriks joh.hendriks at gmail.com
Sun Aug 23 08:02:46 UTC 2015


On Saturday, 22 August 2015, Roger Leigh <rleigh at codelibre.net> wrote:

> On 22/08/2015 15:01, Brandon Allbery wrote:
>
>> On Sat, Aug 22, 2015 at 10:54 AM, Rainer Duffner <rainer at ultra-secure.de>
>> wrote:
>>
>>> I found it’s much easier to have actual chroot’ed ssh users once the users
>>> themselves are in an LDAP-directory.
>>> Also, for doing anything useful on that shell, it turned out you need
>>> some more devices in /dev than the usual chroot (like a chroot’ed
>>> PHP-FPM,
>>> that just needs the dev-set of jail(4)).
>>> And a couple of symlinks.
>>>
>>>
>> Yep; chroots are always a pain to deal with. I have seen utilities to
>> manage them, but only for Linux.
>>
>
> For your information, I'm in the process of porting my schroot chroot
> management tool to FreeBSD.
>
>   https://github.com/codelibre-net/schroot
>
> This was traditionally a Linux (Debian) chroot tool for building source
> packages, but it's worked on Debian GNU/kFreeBSD for a good while so it
> already supported nullfs filesystem mounts e.g. of home directories and
> devices, and now the work to build it on FreeBSD proper is done--I was
> blocked on toolchain/linker bugs for the last 18 months until 10.2 came out
> (C++11 nullptr_t was broken)
>
> The master branch is current development work, and I got it all building
> on FreeBSD 10.2-RELEASE just yesterday.  It's not yet actually *tested* on
> FreeBSD other than the unit tests pass.  So it might not be
> production-ready right now, but it should be fairly soon.  Now it's
> building, I'll also look at adding some FreeBSD-specific features to it as
> well, like ZFS snapshots, jail support, etc.
>
> While the compiled binaries should be fine, there may be residual
> Debianisms/GNU libc-isms in the setup scripts. They are likely trivial to
> fix though.
>
> If anyone wants to give it a try and provide some feedback, or if you have
> any suggestions or feature requests, please just let me know either by mail
> or at https://github.com/codelibre-net/schroot/issues
> Instructions for building on FreeBSD are in the README
> https://github.com/codelibre-net/schroot/blob/master/README.md
>
>
>
> Kind regards,
> Roger


Thank you all for your time and contribution.
I will look at the suggestions given here in the coming days.

Regards
Johan

