qemu-devel

Re: [Qemu-devel] [PATCH] -chroot and -su options.


From: Rob Landley
Subject: Re: [Qemu-devel] [PATCH] -chroot and -su options.
Date: Wed, 5 Mar 2008 00:51:36 -0600
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)

On Tuesday 04 March 2008 05:22:12 you wrote:
> On Mon, Mar 03, 2008 at 06:28:22PM -0600, Rob Landley wrote:
> > Quick and dirty patch to teach qemu application emulation how to chroot
> > (and drop privs), so you don't have to pollute a target filesystem with
> > host code, and/or figure out how to build qemu static in order to run a
> > dynamic binary.
>
> Hi Rob,
>
> Right, doing the chroot from within qemu avoids the issue with polluting
> the target/. Thanks for the example.
>
> The chroot approach still suffers from the need of initially having higher
> privileges. Personally, I still prefer the sysroot option and avoid that
> need but either way helps me.
>
> Best regards

Which sysroot option?  (I may have missed a patch, I'm a month behind on the 
list.  This is just something I've meant to submit for... about a year, I 
think.)

You can also teach a bunch of different qemu syscalls (open, unlink, mmap, 
exec, fcntl, and 3 dozen others...) to append a prefix to its path, and 
perhaps try to prevent them from playing games with symlinks or ".." to break 
out of that subdir.  But that's a much, much, much more extensive/intrusive 
patch.

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.
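
The path-prefix alternative described in the message, sketched as an added example (not code from the patch, the thread, or QEMU). The helper name `confine_path` and the root `/srv/target` are assumptions for illustration; it covers only the ".." part of the problem, and symlinks are deliberately left out, as the comment notes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not QEMU code): map an absolute guest path to a host
 * path under `root`, resolving "." and ".." lexically so the result cannot
 * climb above `root` (".." at the top stays at the top, as in a chroot).
 * Returns 0 on success, -1 if `out` is too small.
 * Symlinks are NOT handled: a real implementation would also have to walk
 * the path one component at a time and re-root or refuse symlink targets. */
int confine_path(const char *root, const char *guest, char *out, size_t outlen)
{
    size_t rootlen = strlen(root);
    while (rootlen > 1 && root[rootlen - 1] == '/')
        rootlen--;                        /* ignore trailing slashes on root */
    if (rootlen + 1 > outlen)
        return -1;
    memcpy(out, root, rootlen);
    size_t len = rootlen;                 /* out[0..len) is the path so far */
    out[len] = '\0';

    for (const char *p = guest; *p; ) {
        while (*p == '/')
            p++;                          /* skip separators */
        size_t n = strcspn(p, "/");       /* length of the next component */
        if (n == 0)
            break;
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            /* "..": drop one component, but never go above root */
            while (len > rootlen && out[len - 1] != '/')
                len--;
            if (len > rootlen)
                len--;                    /* drop the separator as well */
            out[len] = '\0';
        } else if (!(n == 1 && p[0] == '.')) {   /* "." is a no-op */
            if (len + 1 + n + 1 > outlen)
                return -1;
            out[len++] = '/';
            memcpy(out + len, p, n);
            len += n;
            out[len] = '\0';
        }
        p += n;
    }
    return 0;
}

int main(void)
{
    char buf[256];
    if (confine_path("/srv/target", "/usr/lib/../../../etc/passwd", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

Every path-taking syscall in the emulator would need to route through a translation like this, which is the intrusiveness the message points out.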



