Awful stuff you have to do to jail a program

• Make a static binary or

  • Include all the shared libraries in the chroot directory

• Build a whole file system (a la jail(1)) or

  • Copy each file into the jail

    • /etc/hosts, /dev/null, /dev/zero, /etc/passwd, etc

• Debug the startup

• Put the logs somewhere

Previous slide

Next slide

Back to first slide

View graphic version