Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
OK, I've got this chroot jail all set up. I try to run firefox in it (with KDE running locally), and get the message:
"Gtk-WARNING ** cannot open display: "
I know I have to invoke firefox with --display= something. I probably also have to set the DISPLAY environmental variable to something as well. But I've tried all kinds of combinations, and can't get it to work in the chroot jail.
Normally, you should have all dependencies in your jail at the right place.
You can find dependencies via 'ldd'
add: ldd isn't the right way to go. On my slackware, it doesn't actually show all the needed libraries for su. With strace, I got much better results.
Yes, all the dependencies are there. I put a full backup of my system in the jail (I know that's not a good idea for a production system, but once I get it working at all I'll prune it down)
I'm sure it has to do with setting the X Windows output display, and specifying the output display. I believe that when an XApp is run locally, the display is a socket, but in a chroot jail I need to specify the output display using TCP.
you can't run 2 different x-servers so you will have to --bind the correct directories and give chroot access to service information, it should use the DISPLAY configuration and X-server from the host Operating System... I started working on doing this a while back and pretty much did the same thing as you.. Just build the most simple linux framework as you can and bind just the necessary directories, create a user for mozilla and install only for that user, do not give that user permission to modify any of the binded directories and set the chroot size so downloads, tempfiles and all the browser stuff don't takeup more space than you would like to give it.. So many reasons why to do it exactly how is the question.