Fossil SCM
Small improvements to the new Fossil Chroot Jail section of www/server.wiki
Commit
4c837bc3430fcd464023685c75d5941d550251564ec116abc50ae047b0927977
Parent
fc00b7b2972a81d…
1 file changed
+13
-11
| --- www/server.wiki | ||
| +++ www/server.wiki | ||
| @@ -166,12 +166,12 @@ | ||
| 166 | 166 | |
| 167 | 167 | <blockquote> |
| 168 | 168 | If you run Fossil as root in any mode that serves data on the |
| 169 | 169 | network, and you're running it on Unix or a compatible OS, Fossil |
| 170 | 170 | will drop itself into a [https://en.wikipedia.org/wiki/Chroot | |
| 171 | -chroot jail] shortly after starting up. It will drop its root | |
| 172 | -privileges once it's done everything that requires root access; most | |
| 171 | +chroot jail] shortly after starting up, after | |
| 172 | +it's done everything that requires root access. Most | |
| 173 | 173 | commonly, you run Fossil as root to allow it to bind to TCP port 80 |
| 174 | 174 | for HTTP service, since normal users are restricted to ports 1024 |
| 175 | 175 | and up on OSes where this behavior occurs. |
| 176 | 176 | |
| 177 | 177 | Fossil uses the owner of the Fossil repository file as its new user |
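Review bot: The rewritten sentence at new lines 171-172 no longer says that Fossil drops its root privileges. The removed text stated "It will drop its root privileges once it's done everything that requires root access", while the new wording only ties the chroot to that point. The second hunk of this change describes the privilege drop as the part that cannot be skipped, so it should stay explicit here, for example "chroot jail] and drop its root privileges shortly after starting up, once it's done everything that requires root access." That wording also removes the "shortly after starting up, after" repetition.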
| @@ -182,24 +182,26 @@ | ||
| 182 | 182 | in order to make things work properly: |
| 183 | 183 | |
| 184 | 184 | <ul> |
| 185 | 185 | <li>the repository file(s) |
| 186 | 186 | |
| 187 | - <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt> | |
| 188 | - inside the jail directory | |
| 187 | + <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt> inside the | |
| 188 | + jail directory ([https://fossil-scm.org/forum/forumpost/90caff30cb | | |
| 189 | + Linux example]) | |
| 189 | 190 | |
| 190 | 191 | <li><tt>/dev/urandom</tt> — ditto |
| 191 | 192 | |
| 192 | - <li>any shared libraries your <tt>fossil</tt> binary is linked | |
| 193 | - to, such as <tt>/lib/libssl.so</tt>; consider building Fossil as a | |
| 194 | - static binary to avoid this | |
| 195 | -</ul> | |
| 196 | -</blockquote> | |
| 193 | + <li>any shared libraries your <tt>fossil</tt> binary is linked to, | |
| 194 | + such as <tt>/lib/libssl.so</tt>; consider | |
| 195 | + <tt>[https://www.fossil-scm.org/fossil/doc/trunk/www/build.wiki | | |
| 196 | + ./configure --static]</tt> to avoid the need for this | |
| 197 | +</ul> </blockquote> | |
| 197 | 198 | |
| 198 | 199 | <blockquote> |
| 199 | -Fossil does all of this in order to protect the host OS. There is | |
| 200 | -no way to bypass it, on purpose. | |
| 200 | +Fossil does all of this in order to protect the host OS. You can make it | |
| 201 | +bypass the jail part of this by passing `--nojail` to `fossil server`, | |
| 202 | +but you cannot make it skip the dropping of root privileges, on purpose. | |
| 201 | 203 | </blockquote> |
| 202 | 204 | |
| 203 | 205 | |
| 204 | 206 | <h2 id="loadmgmt">Managing Server Load</h2> |
| 205 | 207 | |
| 206 | 208 |
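Review bot: The new paragraph at lines 200-202 wraps --nojail and fossil server in backticks, while every other literal in this section uses <tt> markup (for example <tt>/dev/null</tt> and <tt>mknod(8)</tt>). Use <tt>--nojail</tt> and <tt>fossil server</tt> so the markup is consistent. The paragraph opens by saying the jail exists to protect the host OS, so it should also say what is given up when --nojail is passed. The trailing "on purpose" now reads as if it describes the user's action rather than Fossil's design; consider "but, by design, you cannot make it skip the dropping of root privileges." Minor: line 197 joins "</ul> </blockquote>" on one line where the closing tags were previously on separate lines.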
| --- www/server.wiki | |
| +++ www/server.wiki | |
| @@ -166,12 +166,12 @@ | |
| 166 | |
| 167 | <blockquote> |
| 168 | If you run Fossil as root in any mode that serves data on the |
| 169 | network, and you're running it on Unix or a compatible OS, Fossil |
| 170 | will drop itself into a [https://en.wikipedia.org/wiki/Chroot | |
| 171 | chroot jail] shortly after starting up. It will drop its root |
| 172 | privileges once it's done everything that requires root access; most |
| 173 | commonly, you run Fossil as root to allow it to bind to TCP port 80 |
| 174 | for HTTP service, since normal users are restricted to ports 1024 |
| 175 | and up on OSes where this behavior occurs. |
| 176 | |
| 177 | Fossil uses the owner of the Fossil repository file as its new user |
| @@ -182,24 +182,26 @@ | |
| 182 | in order to make things work properly: |
| 183 | |
| 184 | <ul> |
| 185 | <li>the repository file(s) |
| 186 | |
| 187 | <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt> |
| 188 | inside the jail directory |
| 189 | |
| 190 | <li><tt>/dev/urandom</tt> — ditto |
| 191 | |
| 192 | <li>any shared libraries your <tt>fossil</tt> binary is linked |
| 193 | to, such as <tt>/lib/libssl.so</tt>; consider building Fossil as a |
| 194 | static binary to avoid this |
| 195 | </ul> |
| 196 | </blockquote> |
| 197 | |
| 198 | <blockquote> |
| 199 | Fossil does all of this in order to protect the host OS. There is |
| 200 | no way to bypass it, on purpose. |
| 201 | </blockquote> |
| 202 | |
| 203 | |
| 204 | <h2 id="loadmgmt">Managing Server Load</h2> |
| 205 | |
| 206 |
| --- www/server.wiki | |
| +++ www/server.wiki | |
| @@ -166,12 +166,12 @@ | |
| 166 | |
| 167 | <blockquote> |
| 168 | If you run Fossil as root in any mode that serves data on the |
| 169 | network, and you're running it on Unix or a compatible OS, Fossil |
| 170 | will drop itself into a [https://en.wikipedia.org/wiki/Chroot | |
| 171 | chroot jail] shortly after starting up, after |
| 172 | it's done everything that requires root access. Most |
| 173 | commonly, you run Fossil as root to allow it to bind to TCP port 80 |
| 174 | for HTTP service, since normal users are restricted to ports 1024 |
| 175 | and up on OSes where this behavior occurs. |
| 176 | |
| 177 | Fossil uses the owner of the Fossil repository file as its new user |
| @@ -182,24 +182,26 @@ | |
| 182 | in order to make things work properly: |
| 183 | |
| 184 | <ul> |
| 185 | <li>the repository file(s) |
| 186 | |
| 187 | <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt> inside the |
| 188 | jail directory ([https://fossil-scm.org/forum/forumpost/90caff30cb | |
| 189 | Linux example]) |
| 190 | |
| 191 | <li><tt>/dev/urandom</tt> — ditto |
| 192 | |
| 193 | <li>any shared libraries your <tt>fossil</tt> binary is linked to, |
| 194 | such as <tt>/lib/libssl.so</tt>; consider |
| 195 | <tt>[https://www.fossil-scm.org/fossil/doc/trunk/www/build.wiki | |
| 196 | ./configure --static]</tt> to avoid the need for this |
| 197 | </ul> </blockquote> |
| 198 | |
| 199 | <blockquote> |
| 200 | Fossil does all of this in order to protect the host OS. You can make it |
| 201 | bypass the jail part of this by passing `--nojail` to `fossil server`, |
| 202 | but you cannot make it skip the dropping of root privileges, on purpose. |
| 203 | </blockquote> |
| 204 | |
| 205 | |
| 206 | <h2 id="loadmgmt">Managing Server Load</h2> |
| 207 | |
| 208 |