Having never used Zinc myself, I can only give hints on how I
usually chroot apps.
First step would be to gather information on everything the app
needs to run; this I usually accomplish by running systrace(1) and ldd(1) to find out what is needed to
run the software.
Go through the output of
systrace -A -d.
and make sure that everything the app touches and needs (quite a
lot of apps touch stuff they don't actually need) is available in
the chroot environment. You might need to tweak configs and
environment variables a bit. Also, if there is an option to have
the app log to syslog, I usually do that and create a syslog socket
(see the -a option of syslogd(8)) in order to decrease the
places the app needs write access to.
What I just described is a generic way to make just about any
program run in a chroot environment (however, if you need to import
half the userland and some suid commands, you might want to just
not do chroot :). For apps running under Apache (I'm sure you're
aware that the OpenBSD httpd(8) is slightly different) you
have the option (once the program has started; any dynamic
libraries still need to be present in the jail) of using Apache to
access the files, allowing the use of httpd.conf to import resources in the
chroot environment without actually copying them.
Also useful (if a bit outdated) is this link, outlining some of the
gotchas in chrooted PHP on OpenBSD.
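
The ldd(1) step described above can be scripted. The following is an added example, not part of the original answer: it pulls the absolute paths out of ldd output, copies them into a jail with their directory layout intact, and lists whatever is still missing. The function names, the sample ldd output and the optional source-root argument are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed sample of OpenBSD-style ldd(1) output (addresses and the
# library version are made up for the demo).
SAMPLE_LDD='/bin/ls:
    Start            End              Type  Open Ref GrpRef Name
    00000c3a5c600000 00000c3a5c80a000 exe   1    0   0      /bin/ls
    00000c3cb8e4f000 00000c3cb9146000 rlib  0    1   0      /usr/lib/libc.so.96.0
    00000c3c9a600000 00000c3c9a600000 ld.so 0    1   0      /usr/libexec/ld.so'

# Print every absolute path found in ldd output on stdin, one per line.
# Works for the OpenBSD table format and for "name => /path (addr)" lines;
# entries without a path (header row, vdso) are skipped.
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { p = $i; sub(/:$/, "", p); print p; break }
    }' | LC_ALL=C sort -u
}

# Copy each path read from stdin into jail $1, keeping its directory layout.
# $2 is an optional source root (assumption: lets the demo run against a
# constructed tree instead of the live /). Absent files are reported on stderr.
populate_jail() {
    jail=$1 root=${2:-}
    while IFS= read -r p; do
        if [ ! -e "$root$p" ]; then
            echo "not found on source: $p" >&2
            continue
        fi
        mkdir -p "$jail$(dirname "$p")"
        cp -p "$root$p" "$jail$p"
    done
}

# Print the paths read from stdin that do not exist inside jail $1.
jail_missing() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Demo: show which files the sample binary needs.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

On a real system, pipe `ldd /path/to/binary` into `ldd_paths` instead of the sample, then feed the result to `populate_jail /path/to/jail` and re-check with `jail_missing /path/to/jail`.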