Grant wrote:

>>>>I'm definitely still a beginner. A chroot would allow me to do this?
>>>>Would I even need VMware in that case?
>>>>
>>>>What I'd like to be able to do is copy my current Gentoo server system
>>>>over to something (chroot, VMware, UML) and test emerges and
>>>>etc-updates on it to make sure nothing is broken. I would like to be
>>>>able to test kernel changes, but I can live without it. UML
>>>>actually won't work at all because I use the hardened-sources.
>>>>
>>>>
>>You'll be able to test just about everything except kernel changes. For
>>kernel changes, you'll need either VMWare or another machine.
>>
>>
>>
>
>That sounds pretty good to me. I'm sorry to persist, but I'd like to
>make sure this will work for me before I delve in.
>
>What do you mean by "just about everything"? All I really need to be
>able to do is browse the test version of my website and make sure
>everything is working OK after making the changes. Ideally,
>everything in the test version of my OS would be working exactly the
>same way as it does in the live version. What would the differences
>be with this chroot setup? For example, with VMware, the hardware is
>virtualized so you can't be sure there won't be hardware issues with
>the live version.
>
>- Grant
>
>
With a chroot you share the same devices (you do it with mount -obind
/dev/ /some/chroot/path/dev ) and the same kernel.
This means you can run everything that doesn't interfere with
non-chrooted processes.
Examples from my experience:
1) You are running apache in the "real" server; it uses port 80, some
devices read-only (i.e. /dev/null, /dev/urandom etc.) and the /dev/log link
to the syslogger.
So you can't run another apache in the chroot on port 80, but if you
change the configuration file to make it listen on port 8080 you are OK.

2) I had an Opteron (64-bit) machine and wanted to get the IBM Informix
database server running on it. Informix is a proprietary database that
doesn't have x86-64 libraries, and they don't link with a 64-bit enabled
system. I built a 32-bit system and got the database server running
inside it; there is also a telnet server that runs in the environment of
the database server.
In this configuration I also need a cron daemon in both
environments; here the solution is to run it in the "father"
system and chroot every command that should be run in the chrooted
environment.

There are also a lot of examples of chroot devoted to security.

A great part of the Gentoo installation is done in chroot; the manuals
explain how to do the chroot from the livecd, but you can apply most of
that to a normal installed/running system.

Know in advance that you will need to study and learn a lot of stuff,
especially if this is a real commercial environment.

francesco

>
>
>>James
>>
>>
>
>--
>
>

--
gentoo-user@g.o mailing list
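
The port conflict in example 1 of the message above can be checked before starting the test Apache, because a chroot shares the host's kernel and network stack. The script below is an added example, not part of the original message: the socket table is constructed sample data, and `port_is_listening`, `first_free_port` and `enter_chroot` are hypothetical helper names.

```sh
#!/bin/sh
# Added example. A chroot shares the host's kernel and network stack, so the
# host's listening sockets decide which ports a test Apache can bind.

# port_is_listening PORT FILE...
# FILEs are in /proc/net/tcp or /proc/net/tcp6 format; state 0A means LISTEN.
port_is_listening() {
    hex=$(printf '%04X' "$1"); shift
    # Appending "" forces a string compare, so hex such as 0E10 and 0E20 is
    # never read as a number in exponent notation.
    awk -v p="$hex" '
        FNR > 1 && $4 == "0A" { n = split($2, a, ":"); if ((a[n] "") == (p "")) found = 1 }
        END { exit !found }' "$@"
}

# first_free_port START FILE...: first port >= START with no listener.
first_free_port() {
    port=$1; shift
    while port_is_listening "$port" "$@"; do port=$((port + 1)); done
    echo "$port"
}

# enter_chroot DIR: bind the host's /dev as in the message, then chroot.
# Needs root, so the demo below does not call it. DIR is a hypothetical path.
enter_chroot() {
    mount -o bind /dev "$1/dev" && chroot "$1" /bin/sh
}

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# listeners on 22, 80 and 8080, plus one ESTABLISHED (01) connection on 80.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    81        0 1004
EOF

if port_is_listening 80 "$SAMPLE"; then
    echo "port 80 is taken by the host; test Apache can use $(first_free_port 8080 "$SAMPLE")"
fi
```

On a live system, pass `/proc/net/tcp /proc/net/tcp6` instead of the sample file; the same view is visible inside the chroot once /proc is mounted there.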