Noid has not been updated for a couple of years, and does not work on newer kernels. Consider development to be on hold, with a quite small chance of being restarted.

Noid trunkfs

Trunkfs is a virtual filesystem providing per-process namespaces for Linux 2.4.

The trunkfs file system is typically mounted once in a system, usually on /trunk/. It can be accessed by anyone, but it contains different things depending on who is looking inside it.

Every process sees the directory /trunk/fd/. Inside this directory is one file for each open file or directory of that process, named after the file descriptor number. The result is very similar to /proc/self/fd/, but in trunkfs the open files are represented by real files instead of symbolic links.

/trunk/ also contains a number of symbolic links, directly under /trunk/ or in any sub-directory, pointing at the file descriptors in /trunk/fd/. The symbolic links are generated on-the-fly from the environment variable TRUNK.

By opening the right files and directories, setting up the TRUNK environment variable, and chrooting to /trunk/, you can give your processes individual namespaces. You don't have to do all this by hand; that is what the chtrunk utility is for.
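The namespace construction described above, modelled in Python as an added example (this is not Noid's own code). The TRUNK encoding `name=fd:name=fd`, the sample descriptor table and the sample TRUNK value are assumptions, since the page does not document the real format; the resolver enforces the page's rule that a jailed process reaches only files it has open and files under directories it has a descriptor for.

```python
import posixpath

# Constructed stand-in for a process's open-file table: fd -> (real path, is_dir).
# In real trunkfs this comes from the kernel's fd table of the viewing process.
FD_TABLE = {
    3: ("/home/alice/project", True),
    4: ("/usr/lib", True),
    5: ("/etc/resolv.conf", False),
}
# Assumed TRUNK encoding: colon-separated "link=fd" entries; links may contain '/'.
TRUNK = "project=3:usr/lib=4:etc/resolv.conf=5"


def parse_trunk(env_value):
    """Turn a TRUNK value into {link path (relative to /trunk/): fd number}."""
    links = {}
    for item in filter(None, env_value.split(":")):
        name, _, fd = item.partition("=")
        if not name or not fd.isdigit():
            raise ValueError(f"bad TRUNK entry: {item!r}")
        links[name.strip("/")] = int(fd)
    return links


def trunk_view(env_value, fd_table):
    """Entries visible under /trunk/: one real file per open fd in fd/<n>,
    plus the on-the-fly symlinks named in TRUNK that point into fd/."""
    view = {f"fd/{fd}": ("fd", fd) for fd in fd_table}
    for link, fd in parse_trunk(env_value).items():
        view[link] = ("symlink", f"fd/{fd}")
    return view


def resolve(path, env_value, fd_table):
    """Resolve a path seen from inside a chroot to /trunk/.
    Returns the real path reached through an open descriptor, or None when
    the jail does not expose it (no descriptor, or a file used as a directory)."""
    view = trunk_view(env_value, fd_table)
    parts = [p for p in path.strip("/").split("/") if p and p != "."]
    if ".." in parts:
        return None  # at the chroot root '..' cannot climb out of /trunk/
    for i in range(len(parts), 0, -1):  # longest matching prefix wins
        entry = view.get("/".join(parts[:i]))
        if entry is None:
            continue
        rest = parts[i:]
        if entry[0] == "symlink":  # follow the TRUNK link into fd/<n>
            return resolve("/".join([entry[1]] + rest), env_value, fd_table)
        real, is_dir = fd_table[entry[1]]
        if not rest:
            return real
        return posixpath.join(real, *rest) if is_dir else None
    return None
```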

If used correctly, a chtrunked process is locked inside a jail with no way to get out. It can only access files it has already opened and files under directories it holds a file descriptor for. Unfortunately, there are a number of ways to escape from the jail, essentially the same ways a process can escape from a normal chroot. Processes might, for example, use the network or the ptrace interface to communicate with the outside world. Future extensions of Noid will create a tighter jail by blocking all dangerous actions.

One limitation of Unix in general is that only root is allowed to use chroot. The user chroot kernel patch makes Linux allow any user to use chroot in a secure way.

Chtrunk is implemented as a loadable kernel module for Linux 2.4. No recompilation or reboot is needed. Unfortunately, you still need to patch your kernel with the user chroot patch, recompile and reboot to allow normal non-root users to use chtrunk.

Send questions, money, bug reports, success reports, patches and suggestions to the author, Jörgen Cederlöf, at jc+noid@lysator.liu.se.

Hosted at SourceForge and Lysator.