Bug#778581: systemd install breaks chroot jail and compromises guest system
Martin Pitt
mpitt at debian.org
Sun Apr 12 11:19:00 BST 2015
Hello Wolfgang,
Wolfgang Rosner [2015-04-12 9:17 +0200]:
> Nevertheless, I still think there is a severe documentation issue.
>
> Everybody using chroot the first time comes with some kind of half complete
> knowledge, stumbling into the expectation "with chroot, everything is jailed
> and safe".
That's not *at all* what chroots are about. "jailed and safe" applies
to containers, not simple chroots; they are merely a different file
system hierarchy, but they completely share the network, process, NSS,
and MAC spaces of the "main" system. So running anything in a chroot
is never "jailed".
Are you aware of a particular piece of documentation which is
misleading and should be updated?
> Maybe you could also set policy-rc.d by default in a debootstrapped
> installation?
That might be worth a bug report; it's not appropriate to do that by
default as debootstrap is usually being used for use cases where you
*do* want services to start. But an option to create a suppressing
policy-rc.d indeed sounds nice, and having and documenting it might
also increase awareness of this issue.
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
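
The suppressing policy-rc.d discussed in this mail, sketched as an added example that is not part of the original message or of debootstrap. It assumes the standard Debian behaviour that invoke-rc.d consults /usr/sbin/policy-rc.d and treats exit status 101 as "action forbidden by policy"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not debootstrap's code. Function names are hypothetical.

# install_deny_policy CHROOT_DIR
# Returns 0 on success, 1 on a bad target, 2 if a policy-rc.d already exists.
install_deny_policy() {
    root=$1
    # Require an absolute path to an existing directory.
    case $root in
        /*) ;;
        *) echo "need an absolute chroot path" >&2; return 1 ;;
    esac
    [ -d "$root" ] || { echo "$root: not a directory" >&2; return 1; }
    # Resolve symlinks so a link to "/" cannot redirect us to the host root.
    real=$(cd "$root" && pwd -P) || return 1
    [ "$real" != "/" ] || { echo "refusing to modify the host root" >&2; return 1; }

    policy=$real/usr/sbin/policy-rc.d
    # Keep any existing policy (or dangling symlink) instead of overwriting it.
    if [ -e "$policy" ] || [ -L "$policy" ]; then
        echo "$policy already exists" >&2; return 2
    fi
    mkdir -p "$real/usr/sbin" || return 1
    # 101 is the status invoke-rc.d reads as "action forbidden by policy".
    printf '%s\n' '#!/bin/sh' 'exit 101' > "$policy" || return 1
    chmod 755 "$policy"
}

# policy_denies CHROOT_DIR: true only if the installed policy answers 101.
# Run it only against a policy you installed yourself; it executes the file.
policy_denies() {
    policy=$1/usr/sbin/policy-rc.d
    [ -x "$policy" ] || return 1
    rc=0
    # "ssh start" are constructed sample arguments (initscript id, action).
    "$policy" ssh start >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 101 ]
}
```

This only blocks service starts that go through invoke-rc.d in maintainer scripts; the chroot still shares the host's network, process, NSS and MAC spaces as described in the mail.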