What chroot() is really for

Posted Oct 4, 2007 4:29 UTC (Thu) by sweikart (guest, #4276)
Parent article: What chroot() is really for

A good overview of using chroot for security can be found at:

http://kerneltrap.org/Linux/Abusing_chroot#comment-273655

> Maintaining an up-to-date chroot() environment adds an additional
> burden on administrators as well; update tools do nothing to help
> keep utilities secure if they live outside of the normal places.

Various people have written scripts that will create chroot jails;
I'm not sure sure how many of them will also update chroot jails.

When you write a chroot-jail builder-script, it's not that hard to
write it to either create a new jail or update an existing jail
(I've written my scripts that way).