"Logging" In to a chroot
At this point, you'll be able to access the chroot with a command such as $ chroot /chroot/ bash, which will chroot you into the /chroot/ directory and execute bash from within it.
As I mentioned, chroot is not an inherently secure method for isolating applications. By not logging into the chroot as a privileged user such as root, and by removing any setuid and setgid binaries that run with elevated privileges, you can ensure that nothing runs as root within the chroot environment:
# find / -type f -perm +6000
Sandboxing is now easier than ever and its benefits have never been more important. Isolating badly written web applications from the underlying operating system or letting an administrator install a program without affecting the system can save both time and money. Like anything, prevention and foresight can significantly reduce the amount of work needed to maintain and fix a system long term, and sandboxing offers a practical tool to accomplish this.
- Bochs: http://bochs.sourceforge.net/
- KVM: http://kvm.qumranet.com/kvmwiki
- OpenVZ: http://openvz.org/
- QEMU: http://fabrice.bellard.free.fr/qemu/
- User-Mode Linux: http://user-mode-linux.sourceforge.net/
- VMware Server http://www.vmware.com/products/server/
- VirtualBox: http://www.virtualbox.org/
- XEN: http://xensource.com/
- Debian chroot instructions: http://www.debian.org/doc/manuals/reference/ch-tips.en.html#s-chroot
- Free VPS: http://www.freevps.com/
- Linux-VServer: http://linux-vserver.org/
- AppArmor: http://www.novell.com/linux/security/apparmor/
- SELinux: http://www.nsa.gov/selinux/
Buy this article as PDF
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
FOSS community acts to protect freedom of choice for laptop devices.
Quintessential open source browser shores up its market share with a step toward the proprietary dark side.
Authorities in 16 countries take action against users of the imfamous BlackShades malware tool.