A chroot jail is a way to isolate a process and its children from the rest of the system. It should only be used for processes that don't run as root, as root users can break out of the jail very easily.
The idea is that you create a directory tree where you copy or link in all the system files needed for a process to run. You then use the chroot() system call to change the root directory to be at the base of this new tree and start the process running in that chroot'd environment. Since it can't actually reference paths outside the modified root, it can't perform operations (read/write etc.) maliciously on those locations.
On Linux, using a bind mounts is a great way to populate the chroot tree. Using that, you can pull in folders like /lib and /usr/lib while not pulling in /user, for example. Just bind the directory trees you want to directories you create in the jail directory.
Setup Bind DNS Server in Chroot Jail on CentOS 7
1. Install Bind Chroot DNS server :
# yum install bind-chroot -y
2. Initialize the /var/named/chroot environment by running:
# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
No comments:
Post a Comment