[8057] in athena10
[Debathena] #1000: login chroots should support SSH sessions via
daemon@ATHENA.MIT.EDU (Debathena Trac)
Mon Aug 1 16:20:04 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: geofft@mit.edu
Date: Mon, 01 Aug 2011 20:19:57 -0000
Reply-To:
Message-ID: <043.582c9aa748e9779f4da0ff7d8502482f@mit.edu>
Content-Transfer-Encoding: 8bit
#1000: login chroots should support SSH sessions via containers-------------------------+--------------------------------------------------
Reporter: geofft | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: The Distant Future
Component: -- | Keywords:
See_also: |
-------------------------+-------------------------------------------------- It'd be nice if there were an option for remote sessions to run debathena-
reactivate and thereby be able to `sudo aptitude install` random software
the same way as on cluster. This would be reasonably secure if we threw
Linux containers at the problem, since containers are designed to solve
exactly the problem of having more-awesome chroots that allow securely
partitioning root (so you can sell different containers as VPSes to
mutually-untrusted users).
Probably the way to do this is to have it be an option that a user can
enter, as opposed to something that's enabled automatically for everyone
if you install debathena-reactivate on a system with remote login.
And so probably the way to do that is to teach schroot about containers.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/1000>Debathena <http://debathena.mit.edu/>MIT Debathena Project
