LinuxQuestions.org
Old 12-17-2005, 04:47 AM   #1
The_JinJ
Member
 
Registered: Apr 2004
Location: Scotland
Distribution: Suse, OpenWRT
Posts: 299

Rep: Reputation: 30
Container/Dir/File encryption for chroot jail


Hi all

Has anyone used container encryption in a chroot jail where there are multiple jailed users (in different jails) and encryption is used on directories, containers? I had set up dm-crypt, but it relies on /dev/mapper, which seems to be a problem for the chroot's users.
Any other ideas what might be useful to try here?

Cheers
 
Old 12-17-2005, 09:54 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Haven't done it but chroot by its nature doesn't allow access to anything outside its directory. Do you have dev/mapper UNDER the chroot jail directory? You can find out major/minor of device by doing ls -l /dev/mapper then create mkdir JAILDIR/dev and mknod JAILDIR/mapper [cb] MAJ MIN.
 
Old 12-17-2005, 10:27 AM   #3
The_JinJ
Member
 
Registered: Apr 2004
Location: Scotland
Distribution: Suse, OpenWRT
Posts: 299

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by jlightner
Haven't done it but chroot by its nature doesn't allow access to anything outside its directory. Do you have dev/mapper UNDER the chroot jail directory? You can find out major/minor of device by doing ls -l /dev/mapper then create mkdir JAILDIR/dev and mknod JAILDIR/mapper [cb] MAJ MIN.
Tried creating with mknod - also mount --bind - seems it always needs to make calls outside that it can't do (or needs to be root). Same problem using fuse/fusermount. It can't mount the drive as it needs to run as root apparently (not just for the mount).
 
Old 12-17-2005, 12:35 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
My apologies I should have said "mkdir JAILDIR/dev" then "mknod [bc] JAILDIR/dev/mapper" - left out the dev in above for mknod.

Did you put it in JAILDIR/dev or just JAILDIR?

Also not sure what it is "mounting" so if you tried it with JAILDIR/dev/mapper then hopefully someone else will know how to proceed.
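
The check discussed in posts #2 and #4 (that the node created under JAILDIR/dev has the same type and major/minor as the host's), as an added example that is not part of the thread. The function names and exit codes are assumptions of this sketch, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Checks that a device node created inside
# a chroot jail with mknod mirrors the host node (same type, major and minor).

# Print "<b|c> <major>:<minor>" for a device node; fail if $1 is not one.
devnode_id() {
    if [ -c "$1" ]; then kind=c
    elif [ -b "$1" ]; then kind=b
    else return 1
    fi
    # stat %t / %T give the major / minor numbers in hex; -L follows the
    # symlinks that the host's /dev/mapper entries may be.
    printf '%s %d:%d\n' "$kind" "0x$(stat -L -c %t "$1")" "0x$(stat -L -c %T "$1")"
}

# compare_nodes HOST_NODE JAIL_NODE
# 0 = match, 1 = type or numbers differ, 2 = jail node unusable, 3 = host node unusable
compare_nodes() {
    want=$(devnode_id "$1") || return 3
    # A symlink in the jail is resolved against the jail's own root after
    # chroot, so only a real node created with mknod counts.
    if [ -L "$2" ]; then return 2; fi
    have=$(devnode_id "$2") || return 2
    if [ "$want" != "$have" ]; then return 1; fi
    return 0
}

# check_jail_node JAILDIR HOST_NODE: compare HOST_NODE with JAILDIR/HOST_NODE.
check_jail_node() {
    compare_nodes "$2" "${1%/}$2"
}

# Stand-alone use: sh check.sh JAILDIR /dev/mapper/control
if [ "$#" -eq 2 ]; then
    rc=0
    check_jail_node "$1" "$2" || rc=$?
    case $rc in
        0) echo "ok: ${1%/}$2 is $(devnode_id "$2")" ;;
        1) echo "mismatch: host is $(devnode_id "$2"), jail node differs" ;;
        2) echo "jail node missing, a symlink, or not a device: ${1%/}$2" ;;
        3) echo "host node is not a device: $2" ;;
    esac
    exit "$rc"
fi
```

A matching node only makes the device visible inside the jail; opening it is still subject to the node's ownership and permissions.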
 
Old 12-17-2005, 12:40 PM   #5
The_JinJ
Member
 
Registered: Apr 2004
Location: Scotland
Distribution: Suse, OpenWRT
Posts: 299

Original Poster
Rep: Reputation: 30
mapper is in dev and is correct (and the control file) - it seems to always try to reference /dev/mapper but obviously can't see it
 
  


All times are GMT -5.