Fossil SCM
Added missing www/chroot.md file
Commit
80cd49f063188f907c3fa5b4609636cf0356095a977d0af0afe7d0dba6917c1b
Parent
1e6fbcf214e4b8d…
1 file changed
+38
| --- a/www/chroot.md | ||
| +++ b/www/chroot.md | ||
| @@ -0,0 +1,38 @@ | ||
| 1 | +# The Server Chroot Jail | |
| 2 | + | |
| 3 | +If you run Fossil as root in any mode that [serves data on the | |
| 4 | +network][srv], and you're running it on Unix or a compatible OS, Fossil | |
| 5 | +will drop itself into a [`chroot(2)` jail][cj, once it's done everything that requires root access. Most commonly, | |
| 6 | +you run Fossil as root to allow it to bind to TCP port 80 for HTTP | |
| 7 | +service, since normal users are reup on OSes. | |
| 8 | + | |
| 9 | +Fossil uses the owner of the Fossil repository file as its new user | |
| 10 | +ID when it drops root privileges. | |
| 11 | + | |
| 12 | +When Fossil enters a chroot jail, it needs to have all of its dependencies | |
| 13 | +inside the chroot jail in order to continue work. There are several | |
| 14 | +resources that need to be inside the chroot jail with Fossil in order for | |
| 15 | +Fossil to work correctly: | |
| 16 | + | |
| 17 | +* the repository file(s) | |
| 18 | + | |
| 19 | +* `/dev/null` — create it with `mknod(8)` inside the jail directory | |
| 20 | + ([Linux example][mnl], [OpenBSD example][obsd]) | |
| 21 | + | |
| 22 | +* `/d `/proc` — you might need to mount this virtual filesystem inside the | |
| 23 | + jail on Linux systems that make use of [Fossil’s server load | |
| 24 | + shedding feature][fls] | |
| 25 | + | |
| 26 | +* any shared libraries your `fossil` binary is linked to, unless you | |
| 27 | + [configured Fossil with `--static`][bld] to avoid it | |
| 28 | + | |
| 29 | +Fossil does all of this as one of many layers of defense against | |
| 30 | +hacks and exploits. You can prevent Fossil from entering the chroot | |
| 31 | +jail using the <tt>--nojail</tt> option to the | |
| 32 | +[fossil server command](/help?cmd=server) | |
| 33 | +but you cannot make Fossil hold onto root privileges. Fossiwww.fossil-scm.org/fossil. Fossil always drops | |
| 34 | +root privilege before accepting inputs, for security. | |
| 35 | + | |
| 36 | + | |
| 37 | +[bld]: https://fossil-scm.org/home/doc/trunk/www/build.wiki | |
| 38 | +[cj]: https://en.wikipe.wiki |
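Review bot: The reference-style links [srv] (lines 3-4), [mnl] and [obsd] (line 20) and [fls] (lines 23-24) have no definitions in the 38 added lines; only [bld] and [cj] are defined at lines 37-38, so the other four will render as literal bracket text. Please add the missing definitions at the end of the file, and check the [cj] target, which reads "https://en.wikipe.wiki" and does not look like a complete URL. Several lines also look damaged and should be checked against the intended text before this lands: line 5 opens the link with "[`chroot(2)` jail][cj," and never closes the bracket, line 7 ends "since normal users are reup on OSes", line 22 starts with a stray "`/d " before "`/proc`", and line 33 contains "Fossiwww.fossil-scm.org/fossil." in the middle of the sentence. Since this page documents a privilege-dropping behaviour, the sentences on lines 5-7 and 33-34 are the ones readers rely on to understand when root is given up, so they need to be unambiguous. As a style point, line 31 uses <tt>--nojail</tt> while the rest of the file uses backticks for literals such as `--static`; backticks would be consistent.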