Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add chroot() support #38

Open
1 task done
sisungo opened this issue Jul 29, 2024 · 0 comments
Open
1 task done

Add chroot() support #38

sisungo opened this issue Jul 29, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@sisungo
Copy link
Owner

sisungo commented Jul 29, 2024
edited
Loading

Introduction

Many services use chroot() to improve security. Supporting specifying root directory in Airup service manifest could make the system more secure.

Unresolved Questions

  • Rust standard library haven't supported chroot-ing for child processes yet. However, when using pre_exec to reach the goal, setuid() is earlier called, causing user switching to be conflicted with chroot-ing (that's also why we commented setgroup()). Should we switch to use pre_exec for setuid(), too, in order to keep the order?
sisungo added a commit that referenced this issue Jul 30, 2024
@sisungo
Implement #38
694bb96
@sisungo sisungo mentioned this issue Aug 2, 2024
Open
@sisungo sisungo added the enhancement New feature or request label Aug 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sisungo