Securing POSIX instances - chroot & LXC

I'm new to BitNami - finally got around to setting up my 1st instance in a VM (RedMine).

Pretty sweet & see it's basically a self-contained stack in an isolated directory: /opt/$STACK

What surprises me is that there is little mention around security; especially wrt. sandboxing via chroot or LXC (Linux Containers - or BSD jails).

I'll try this out & maybe add something to the wiki, but before I do so I'd just like to know if anyone else has experience with this & has anything to share?


Sorry, I do not understand your exact question. Do you want to run the application in a chroot? You can install it using the native installer; all the required dependencies are already installed in the /opt/bitnami folder. Please share your notes about your configuration.

Thanks for the feedback.

Yes, I'd like to run the application stack in a sandbox - either chroot or LXC. chroot seems quick & easy, whereas LXC is not much harder, but has significant advances in terms of resource-overhead & management. Great post:

I'm still (re-)familiarising myself with these technologies, so I'll submit some notes once I'm confident about the results. BitNami stacks are great candidates for these security mechanisms, as it provides isolation & mitigation in the event of exploitation.