Re: [gentoo-user] Xorg on my server (talk me out if it?)

[Bastian Balthazar Bux <BastianBalthazarBux@pnpitalia.it>]

Grant wrote:

>>>><>I'm definitely still a beginner. A chroot would allow me to do this?
>>>>Would I even need VMware in that case?
>>>>
>>>>What I'd like to be able to do is copy my current Gentoo server system
>>>>over to something (chroot, VMware, UML) and test emerges and
>>>>etc-updates on it to make sure nothing is broken. I would like to be
>>>>able to to test kernel changes, but I can live without it. UML
>>>>actually won't work at all because I use the hardened-sources.
>>>>        
>>>>
>>You'll be able to test just about everything except kernel changes.  For
>>kernel changes, you'll need either VMWare or another machine.
>>
>>    
>>
>
>That sounds pretty good to me.  I'm sorry to persist, but I'd like to
>make sure this will work for me before I delve in.
>
>What do you mean by "just about everything"?  All I really need to be
>able to do is browse the test version of my website and make sure
>everything is working OK after making the changes.  Ideally,
>everything in the test version of my OS would be working exactly the
>same way as it does in the live version.  What would the differences
>be with this chroot setup?  For example, with VMware, the hardware is
>virtualized so you can't be sure there won't be hardware issues with
>the live version.
>
>- Grant
>  
>
With a chroot you share the same devices (you do it with mount -obind 
/dev/ /some/chroot/path/dev ) and the same kernel.
This translate in that you can running all that don't interfere with non 
chrooted processes.
examples from my expirience:
1) You are running apache in the "real" server, it use port 80, some 
devices read only (i.e /dev/null /dev/urandom etc) and the /dev/log link 
to the syslogger.
So you can't run another apache in the chroot on port 80. but if u 
change the configuration file to make it listen on port 8080 you are ok.

2) I had a opteron (64bit) machine and want to make IBM informix 
database server running on it. Informix is a proprietary database that 
don't have x86-64 libraries, and they don't link with a 64 bit enabled 
system. I've builded a 32 bit system, and make running database server 
inside, also there is a telnet server that run in the environment or the 
database server.
In this configuration I need also a cron daemon, in both the 
environments, here the solution is to make it running in the "father" 
system and chroot every command that should be run in the chrooted 
environment

There are also a lot of examples of chroot devoted to security.

A great part of the gentoo installation is done in chroot, the manuals 
explain how to do the chroot from the livecd, but you can apply most of 
that to a normal installed/running system.

Know in advance that you will need to study and learn a lot of stuff, 
expecially if this is a real commercial environment.

francesco

>  
>
>>James
>>    
>>
>
>--
>  
>


--
gentoo-user@gentoo.org mailing list