HI finally we planned to over write the chroot method through LKM , guessing that will solve our problem.

Hi,

Desperation to find answer made me to post in different forums . But this is the thing finally required, I need to add CAP_SYS_CHROOT capability to my user, because only users with CAP_SYS_CHROOT can call chroot. This will solve all my requirements . I guess I am making things look tough by saying all unwanted details.

Thanks,
Jai

Hi,

My requirement is simple, Apache receives request and calls my perl handler. The handler script needs to identify which script it needs to run and based on this it needs to go to the particular chroot jail and run the script securely, btw it prints the output to response. We have this new roots already created with necessary libraries and binaries. Hope you got my req .

Thanks,
Jai :(

Hi,

Thanks for your immediate reponse. My only requirement is I call chroot from a perl script . This perl script needs to run under normal user . I am using grsecurity to avoid double chroot and breaking of chroot issues. Currently the point where I stand is I must run the perl script under un previleged user, but it should do chroot. Seems little wierd right , but this is what my application requires now . Adding capablility CAP_SYS_CHROOT to the normal user I guess must solve my requirement. But I am not sure how to add this capablity to my user.

Hope you got my requirements.

Thanks
Jai

Its been last two days over after my search started . But I didn't find answer any where ?. I need to call chroot as part of normal user, but to my surprise it can only be called by SUper user with CAP_SYS_CHROOT capabilities. I am not sure how to add this capability to my user . Please help me in solving my situation.