View Single Post
  #2   (View Single Post)  
Old 22nd December 2010
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

If you describe what you want to accomplish, perhaps someone can give you some assistance.

Key to a userland environment is having enough of the OS available for your entire application. If you want a =complete= userland environment in your chrooted structure, you will have to copy the complete OS into it. I've done this when I needed virtual filesystems structures (but not virtual machines) when doing application development testing.

FAQ 10.16 discusses setting up partial environments for specific web applications using OpenBSD's chrooted Apache.

And if you run -current, there is sysutils/jailkit, which entered the ports tree several months ago. I have not used it, and can't answer any questions about it. The port description says:
Quote:
Jailkit is a set of utilities to limit user accounts to specific
files using chroot() and or specific commands. Setting up a chroot
shell, a shell limited to some specific command, or a daemon inside
a chroot jail is a lot easier and can be automated using these utilities.
Just to level set, do not attempt to use -current applications on -release or -stable flavors of the OS. Keep them in sync, as described in FAQ 15.4.1. For more about -current, see FAQ 5.1.
Reply With Quote