Dne Út 4. srpna 2009 14:54:22 Simon Loewenthal - Tele2 napsal(a):
Dear all,
I am looking for the right way to configure chroot goals on SLES 11 for an application. I have seen a few guides for various O/Ses for chrooting SSH/FTP/BIND/Apache and so on, but the application I have is a java app.
The server (which runs an http port on a few unpriveledged ports) is based on Java and is already self-contained through the Java sandbox. All processes run as an unprivileged user.
'I think that the application contains all necessary jars and its own Java runtime environment', said the manufactured.
About twice in the past have I set-up chroot and really have little knowledge. I imagine that I would have to copy over any dynamically linked libraries that any of the application uses, but its Java so I am unsure what happens here.
How would I go about this?
The simplest way should be mkdir -p /chroot/etc cp -r /etc/zypp /chroot/etc zypper -R /chroot ref zypper -R /chroot install java-1_6_0-{sun,ibm} This installs only a basic system, which is able to run a JRE. After that you can uninstall a java package, because you don't need it, if the application has own bundled JRE. Just be sure that you installs a right architecture (32bit/64bit). Then copy the application to /chroot, don't forget mount /proc as Andreas mentioned above: mount /proc via mount -o bind /proc /chroot/proc And this can be enough. The just chroot /chroot groupadd group usedadd user:group exec su user run_app If the application will need any other think, just can simply install it via zypper. BTW: please tell me if that worked and I'll add it as a HOWTO on openSUSE wiki. Regards Michal Vyskocil