"Logging" In to a chroot
At this point, you'll be able to access the chroot with a command such as $ chroot /chroot/ bash, which will chroot you into the /chroot/ directory and execute bash from within it.
As I mentioned, chroot is not an inherently secure method for isolating applications. By not logging into the chroot as a privileged user such as root, and by removing any setuid and setgid binaries that run with elevated privileges, you can ensure that nothing runs as root within the chroot environment:
# find / -type f -perm +6000
Sandboxing is now easier than ever and its benefits have never been more important. Isolating badly written web applications from the underlying operating system or letting an administrator install a program without affecting the system can save both time and money. Like anything, prevention and foresight can significantly reduce the amount of work needed to maintain and fix a system long term, and sandboxing offers a practical tool to accomplish this.
- Bochs: http://bochs.sourceforge.net/
- KVM: http://kvm.qumranet.com/kvmwiki
- OpenVZ: http://openvz.org/
- QEMU: http://fabrice.bellard.free.fr/qemu/
- User-Mode Linux: http://user-mode-linux.sourceforge.net/
- VMware Server http://www.vmware.com/products/server/
- VirtualBox: http://www.virtualbox.org/
- XEN: http://xensource.com/
- Debian chroot instructions: http://www.debian.org/doc/manuals/reference/ch-tips.en.html#s-chroot
- Free VPS: http://www.freevps.com/
- Linux-VServer: http://linux-vserver.org/
- AppArmor: http://www.novell.com/linux/security/apparmor/
- SELinux: http://www.nsa.gov/selinux/
Buy this article as PDF
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.
Popular desktop environment continues the Gnome 2 legacy – with new support for the Gnome 3 toolkit.
New program will dial up security for the Firefox browser.
Red Hat's community distro embraces the cloud.