Hi,
Can we do chroot against a btrfs system volume snapshot?... Can we do this in order to; for example, build an application (installing dev packages and build the deb)..
or run an isolated app?.. (I understand when you run an app within chroot space, It's confined)
thanks.,
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Can we do chroot against a btrfs snapshot?
Re: Can we do chroot against a btrfs snapshot?
thanks for answering pH.p.H wrote:Why not, if you can mount it or access it within a mounted parent subvolume ?
cool!!.. and do you know If we can get isolation like with firejail by running and app in chroot.. I would like to isolate an old brave browser version, that doesnt work with firejail.. dont know how to do it..and had thought abour running it in chroot space..
I dont know how to isolate the browser in an easy way without using firejial .. couldn't be just enought by running the browser with another specific user to isolate main home and mounted folders and remove access permisons to that user's browser.?.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Can we do chroot against a btrfs snapshot?
A chroot is not a security feature: https://access.redhat.com/blogs/766093/posts/1975883
deadbang
Re: Can we do chroot against a btrfs snapshot?
Attacking the chrootHead_on_a_Stick wrote:A chroot is not a security feature: https://access.redhat.com/blogs/766093/posts/1975883
So, If a process running in memory throught chroot escape a flaw and run malicious code it could execute commands with the privileges of root..but, what happend if you modify root password outside chroot, when chroot is running.. coult it be able to execute that malicious code any command as well??.. I mean chroot gets root privileges over the chrooted space, but then if it achieves to escape and run any command outside it would find root password has changed.. isnt it?A daemon may be running in a chroot, but it may also have a flaw that allows an attacker to execute commands with the privileges of the user running the daemon (an arbitrary command execution attack).
My idea is as following.:
sudo btrfs subvolume snapshot rootsys/ chrootsys/
mount -t btrfs -o subvol=chrootsys /dev/sda2 /mnt
mount --bind dev, proc, sys /mnt
chroot /mnt
>> Here change password of snapshot's root system
password
>> And then, you run application like in sandbox, cos malicous code can't run anything with a different root password
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Can we do chroot against a btrfs snapshot?
Nothing. Processes do not care about passwords.bester69 wrote:but, what happend if you modify root password outside chroot, when chroot is running
Yes.bester69 wrote:coult it be able to execute that malicious code any command as well?
Re: Can we do chroot against a btrfs snapshot?
ok, thanks...Ive an old brave browser version but seems to be under attack, I purged folder settings but still CPU was to full throtle until i killed the browser.. so something was going on there... I wonder if brave's chromium sandbox protect us our system processes in any way...p.H wrote:Nothing. Processes do not care about passwords.bester69 wrote:but, what happend if you modify root password outside chroot, when chroot is runningYes.bester69 wrote:coult it be able to execute that malicious code any command as well?
this seems very risky to keep using an outaded browser.. i reallty dont get it if there's a person behind them or is most probably a worm attack.. anyway its scary
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
Re: Can we do chroot against a btrfs snapshot?
We all gave into that problem...you need to take out that kind of data forlder from snapshots backups..Dahlia wrote:I just realized that snapshots on my Downloads directory are taking up a lot of space. What's the best way to prevent TimeShift (or snapper) from snapshotting a directory?
You just need to create a new subvolume for that data folder and take it our from TimeShift..
- You would do like this.:
0- Create Subvolume Downloads.
sudo mount -t btrfs /dev/sda1 /mnt
sudo btrfs subvolume create Downloads
1- Mount Downloads throught fstab
UUID=c649c9a7-YOUR_PARTITIONID-026837988bb7 /home/user/Downloads btrfs subvol=Downloads,defaults,noatime,space_cache,autodefrag 0 2
or if you dont want to mount any folder point above home.:
UUID=c649c9a7-YOUR_PARTITIONID-026837988bb7 /media/Downloads btrfs subvol=Downloads,defaults,noatime,space_cache,autodefrag 0 2
AND:
sudo chown Your_user: /media/Downloads && ln -s /media/Downloads /home/user/Downloads
---------------------------
In mY case , I also took out /home/user/<<.CACHE>> folder ,; ou might need to take out more other things, so the best thing to do is to create a main subvolume DATAFOLDER in home, where you put all folders you need to be taken out of Timeshift.. and recreate those folders with synlinks to DATAFOLDER path root.. this way you dont need to be creating everytime subvolumes for any folder..
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Can we do chroot against a btrfs snapshot?
@bester69: you are replying to a spambot, I have removed their post.
deadbang
Re: Can we do chroot against a btrfs snapshot?
rogerHead_on_a_Stick wrote:@bester69: you are replying to a spambot, I have removed their post.
thanks
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...