ns-tools

Namespace utilities to reuse Open Source packaging efforts.
git clone git://r-36.net/ns-tools

commit 6c4f1105314c7d3a93560f821af169058ca9f012
parent 800fcc11a5f864a0b56852652e7a32cbfab3cd49
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Tue,  8 Jul 2014 11:37:25 +0000

README: add more setup information

- kernel configuration.
- capchroot capabilities.

Signed-off-by: Christoph Lohmann <20h@r-36.net>

Diffstat:
README.md | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md @@ -50,15 +50,29 @@ Here are the links to install capchroot. For now this isn't automated. https://dev.archlinux.org/~thomas/capchroot/ http://bedrocklinux.org/1.0alpha1/install.html#DOWNLOAD%20Capchroot -After you have a capchroot(1) binary, copy it to your PATH. Then create the -/etc/capchroot.allow file to define users which are allowed to run capchroot -and where. On my setup there is a »ns« group, which members are allowed to -chroot to the defined namespaces. +After you have a capchroot(1) binary, copy it to your PATH. Set cap_sys_chroot +by running: + + setcap cap_sys_chroot=ep /bin/capchroot + +Then create the /etc/capchroot.allow file to define users which are allowed to +run capchroot and where. On my setup there is a »ns« group, which members +are allowed to chroot to the defined namespaces. cat /etc/capchroot.allow /ns/debian @ns ... +### Kernel configuration + +Depending on the filesystem you use make sure the following options are +enabled in the kernel (for example for ext4): + +These are defined in the kernel .config as: +Ext4 security labels - EXT4_FS_SECURITY=y +Ext4 extended attributes - EXT4_FS_XATTR=y (deprecated, this is now enabled +by default for ext4). + ## Issues in the concept * Unchroot is not yet implemented, so a complete linking in of X11 is not possible.
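
Review bot: The setcap command in the added capchroot paragraph hardcodes /bin/capchroot, while the sentence before it only says to copy the binary "to your PATH", so a reader who installed it elsewhere will point setcap at a missing or different file; suggest writing the command against the path the binary was actually copied to. In the new "Kernel configuration" section, "make sure the following options are enabled in the kernel (for example for ext4):" is followed directly by "These are defined in the kernel .config as:", which leaves the first sentence without a list of its own; merging the two sentences would read better. The options are written as EXT4_FS_SECURITY=y and EXT4_FS_XATTR=y, but in a .config file they carry the CONFIG_ prefix, so the text as given will not match what a reader greps for. The section also does not say why the options are needed; one sentence tying them to the setcap step (file capabilities are stored as an extended attribute on the binary) would help readers on filesystems other than ext4 find the equivalent settings.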