Re: Is it possible to chroot jail NetworkManager?

[Dan Williams <dcbw redhat com>]

On Wed, 2006-08-23 at 19:43 +0000, Hubert Havel wrote:
> Hello NetworkManger Users:
> 
>     I am able to get Opera to run in a chroot jail, but unfortunately, I was 
> unable to get
> a jailed WiFI internet program to connect the jailed Opera to the WiFi 
> internet card. I tried jailing NetworkManager, but I noticed that 
> NetworkManager can only be executed by
> root. It is unsafe to execute any program inside jail with root.

Unfortunately, you pretty much _need_ root to do much with wireless.
For example, you can't perform wireless scans unless you're root (or
possibly have CAP_NET_ADMIN, not sure).  You also can't manipulate the
routing tables or set IP addresses if you're not root (or don't have
CAP_NET_ADMIN).

Furthermore, you'd need root for wpa_supplicant since it does a ton of
wireless work.  And NM needs to be able to access D-Bus too, and the
system bus socket would likely be outside the chroot too.

>     Is there a way to jail NetworkManager securely - preferably, execute 
> NetworkManager
> inside jail without root. Perhaps, there is a way, like Apache, after 
> initialization, it drops
> the root process?

Why do you want to do this?

Dan

>    You help is greatly appreciated. I have been stucked on this for about 2 
> weeks.
> 
> Hubert.
> 
> _________________________________________________________________
> Search from any web page with powerful protection. Get the FREE Windows Live 
> Toolbar Today!   http://get.live.com/toolbar/overview
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list