| 1 |
Grant wrote: |
| 2 |
|
| 3 |
>>>><>I'm definitely still a beginner. A chroot would allow me to do this? |
| 4 |
>>>>Would I even need VMware in that case? |
| 5 |
>>>> |
| 6 |
>>>>What I'd like to be able to do is copy my current Gentoo server system |
| 7 |
>>>>over to something (chroot, VMware, UML) and test emerges and |
| 8 |
>>>>etc-updates on it to make sure nothing is broken. I would like to be |
| 9 |
>>>>able to to test kernel changes, but I can live without it. UML |
| 10 |
>>>>actually won't work at all because I use the hardened-sources. |
| 11 |
>>>> |
| 12 |
>>>> |
| 13 |
>>You'll be able to test just about everything except kernel changes. For |
| 14 |
>>kernel changes, you'll need either VMWare or another machine. |
| 15 |
>> |
| 16 |
>> |
| 17 |
>> |
| 18 |
> |
| 19 |
>That sounds pretty good to me. I'm sorry to persist, but I'd like to |
| 20 |
>make sure this will work for me before I delve in. |
| 21 |
> |
| 22 |
>What do you mean by "just about everything"? All I really need to be |
| 23 |
>able to do is browse the test version of my website and make sure |
| 24 |
>everything is working OK after making the changes. Ideally, |
| 25 |
>everything in the test version of my OS would be working exactly the |
| 26 |
>same way as it does in the live version. What would the differences |
| 27 |
>be with this chroot setup? For example, with VMware, the hardware is |
| 28 |
>virtualized so you can't be sure there won't be hardware issues with |
| 29 |
>the live version. |
| 30 |
> |
| 31 |
>- Grant |
| 32 |
> |
| 33 |
> |
| 34 |
With a chroot you share the same devices (you do it with mount -obind |
| 35 |
/dev/ /some/chroot/path/dev ) and the same kernel. |
| 36 |
This translate in that you can running all that don't interfere with non |
| 37 |
chrooted processes. |
| 38 |
examples from my expirience: |
| 39 |
1) You are running apache in the "real" server, it use port 80, some |
| 40 |
devices read only (i.e /dev/null /dev/urandom etc) and the /dev/log link |
| 41 |
to the syslogger. |
| 42 |
So you can't run another apache in the chroot on port 80. but if u |
| 43 |
change the configuration file to make it listen on port 8080 you are ok. |
| 44 |
|
| 45 |
2) I had a opteron (64bit) machine and want to make IBM informix |
| 46 |
database server running on it. Informix is a proprietary database that |
| 47 |
don't have x86-64 libraries, and they don't link with a 64 bit enabled |
| 48 |
system. I've builded a 32 bit system, and make running database server |
| 49 |
inside, also there is a telnet server that run in the environment or the |
| 50 |
database server. |
| 51 |
In this configuration I need also a cron daemon, in both the |
| 52 |
environments, here the solution is to make it running in the "father" |
| 53 |
system and chroot every command that should be run in the chrooted |
| 54 |
environment |
| 55 |
|
| 56 |
There are also a lot of examples of chroot devoted to security. |
| 57 |
|
| 58 |
A great part of the gentoo installation is done in chroot, the manuals |
| 59 |
explain how to do the chroot from the livecd, but you can apply most of |
| 60 |
that to a normal installed/running system. |
| 61 |
|
| 62 |
Know in advance that you will need to study and learn a lot of stuff, |
| 63 |
expecially if this is a real commercial environment. |
| 64 |
|
| 65 |
francesco |
| 66 |
|
| 67 |
> |
| 68 |
> |
| 69 |
>>James |
| 70 |
>> |
| 71 |
>> |
| 72 |
> |
| 73 |
>-- |
| 74 |
> |
| 75 |
> |
| 76 |
|
| 77 |
|
| 78 |
-- |
| 79 |
gentoo-user@g.o mailing list |
Archives