Many services use chroot() to improve security. Supporting a configurable root directory in the Airup service manifest could make the system more secure.
Unresolved Questions
[x] The Rust standard library doesn't support chroot-ing for child processes yet. However, when using pre_exec to achieve this, setuid() is called earlier, causing user switching to conflict with chroot-ing (that's also why we commented out setgroup()). Should we switch to using pre_exec for setuid() too, in order to keep the order?
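One way to keep the order, shown as an added example that is not Airup's own code: every privilege-changing call is made from a single pre_exec hook, with chroot first and setuid last, instead of mixing the hook with `Command::uid()`. It assumes Linux (32-bit uid/gid types); `Step`, `plan` and `confine` are hypothetical names, and the path and ids in `main` are constructed sample values.

```rust
use std::{ffi::CString, io, os::raw::{c_char, c_int}, os::unix::process::CommandExt, process::Command};

// libc symbols declared by hand so no external crate is needed (Linux: uid_t/gid_t are u32).
unsafe extern "C" {
    fn chroot(path: *const c_char) -> c_int;
    fn chdir(path: *const c_char) -> c_int;
    fn setgroups(n: usize, list: *const u32) -> c_int;
    fn setgid(gid: u32) -> c_int;
    fn setuid(uid: u32) -> c_int;
}

#[derive(Debug, Clone, PartialEq)]
pub enum Step { Chroot(CString), ChdirRoot, SetGroups(u32), SetGid(u32), SetUid(u32) }

/// Hypothetical helper: ordered confinement steps for the child. chroot(2) and
/// setgroups(2) need privileges that setuid(2) gives up, so setuid is always last.
pub fn plan(root: Option<&str>, gid: Option<u32>, uid: Option<u32>) -> io::Result<Vec<Step>> {
    let mut steps = Vec::new();
    if let Some(r) = root {
        steps.push(Step::Chroot(CString::new(r)?)); // allocate in the parent, before fork
        steps.push(Step::ChdirRoot); // do not keep a working directory outside the new root
    }
    if let Some(g) = gid { steps.push(Step::SetGroups(g)); steps.push(Step::SetGid(g)); }
    if let Some(u) = uid { steps.push(Step::SetUid(u)); }
    Ok(steps)
}

/// Hypothetical helper: run the whole plan in the forked child, right before exec.
pub fn confine(cmd: &mut Command, steps: Vec<Step>) {
    unsafe {
        cmd.pre_exec(move || {
            for step in &steps {
                let rc = match step {
                    Step::Chroot(p) => chroot(p.as_ptr()),
                    Step::ChdirRoot => chdir(b"/\0".as_ptr() as *const c_char),
                    Step::SetGroups(g) => setgroups(1, g), // supplementary groups = primary gid only
                    Step::SetGid(g) => setgid(*g),
                    Step::SetUid(u) => setuid(*u),
                };
                if rc != 0 { return Err(io::Error::last_os_error()); }
            }
            Ok(())
        });
    }
}

fn main() -> io::Result<()> {
    println!("{:?}", plan(Some("/srv/jail"), Some(1000), Some(1000))?); // constructed values
    Ok(())
}
```

Any failing step makes the hook return an error, so the spawn fails instead of starting the service unconfined or still privileged.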