[X2Go-User] x2go + chroot

John A. Sullivan III jsullivan at opensourcedevel.com
Thu Mar 15 14:05:34 CET 2012


On Thu, 2012-03-15 at 12:58 +0100, BUGHUNTER wrote:
> Hi,
> 
> I need instructions for how to setup a chroot environment on the
> server - I found this old discussion:
> 
> http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01268.html
> 
> but there is no solution, unfortunately.
> 
> Also, I found
> 
> http://www.x2go.org/doku.php/wiki:components:tce
> 
> but this seems to be a tool for setting up chroot on the CLIENT side?
> Seems to be a different use case.
> 
> What I want:
> 
> I would like to chroot users that logged into the server via x2go
> client to see only files in their home directory (or inside their
> "jail") - what is the recommended + most efficient way of doing this
> with the least administrative overhead? - mind the updates! - so
> recompiling jail binaries after every update of relevant software
> should happen automatically, most preferable solution would be:
> 
> apt-get install x2go-server-chroot
> x2go-create-chroot /home/user
> 
> without any needed (or minimal) additional interaction after future
> updates so that your jail is always uptodate after an apt-get update.
> 
> does this exist?
> 
> if not, how to create it?
> 
> THANK you very much for your attention,
> Bughunter
> 
> BTW search for x2go +chroot with Google to see how small the internet
> can be ;)
<snip>

I don't know if it is of any help but we run X2Go Server in a VServer
which is, more or less, a chroot on steroids.  We did find we needed to
do some intense surgery on the X2Go Server side scripts and we had to
add certain capabilities to the vservers - particularly mount
capabilities.  We were never able to enable local share unmounting
(fusermount requires capabilities which are not available in our kernel
- I believe they may be in newer kernels) which is one reason why we
moved session clean up to the VServer host (besides the fact that I can
run one cleanup daemon for hundreds of x2goserver instances instead of
one process each (and it fires every five seconds).




More information about the x2go-user mailing list