Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
There is less than 12 hours left to vote in the 2015 LinuxQuestions.org Members Choice Awards. Click here to go to the polls. Vote now and make sure your voice is heard!
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
OK, I've got this chroot jail all set up. I try to run firefox in it (with KDE running locally), and get the message:
"Gtk-WARNING ** cannot open display: "
I know I have to invoke firefox with --display= something. I probably also have to set the DISPLAY environmental variable to something as well. But I've tried all kinds of combinations, and can't get it to work in the chroot jail.
Normally, you should have all dependencies in your jail at the right place.
You can find dependencies via 'ldd'
add: ldd isn't the right way to go. On my slackware, it doesn't actually show all the needed libraries for su. With strace, I got much better results.
Yes, all the dependencies are there. I put a full backup of my system in the jail (I know that's not a good idea for a production system, but once I get it working at all I'll prune it down)
I'm sure it has to do with setting the X Windows output display, and specifying the output display. I believe that when an XApp is run locally, the display is a socket, but in a chroot jail I need to specify the output display using TCP.
you can't run 2 different x-servers so you will have to --bind the correct directories and give chroot access to service information, it should use the DISPLAY configuration and X-server from the host Operating System... I started working on doing this a while back and pretty much did the same thing as you.. Just build the most simple linux framework as you can and bind just the necessary directories, create a user for mozilla and install only for that user, do not give that user permission to modify any of the binded directories and set the chroot size so downloads, tempfiles and all the browser stuff don't takeup more space than you would like to give it.. So many reasons why to do it exactly how is the question.