How to chroot Django

Question

Can one run Django in a chroot? Notably, what's necessary in order to set up (for example) /var/www as a chroot'd directory and then have Django run in that chroot'd directory?

Thank you - I'm grateful for any input.

score 3 · Answer 1 · answered Mar 25 '10 at 02:07

3

There are many reasons mod_wsgi is preferred for Python web app deployment. One is stability, another is the variety of configuration options... one of which is ability to chroot the mod_wsgi daemon (starting with version 3.00).

The chroot option is not yet documented for the WSGIDaemonProcess directive at http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess but there is enough documentation in Changes in Version 3.0.

You can also read a disussion of the feature at http://code.google.com/p/modwsgi/issues/detail?id=106

answered Mar 25 '10 at 02:07

Van Gale

41,789
9
67
78

@Van Gale - Thanks - handy reference. We're not using Apache, but Lighttpd (maybe Nginx someday). Is there an equivalent configuration option for Lighttpd that you're aware of (I'm looking now, too)? – Brian M. Hunt Mar 25 '10 at 02:48
Err, well if you're using lighttpd you're probably also using flup (... and now you have 2 problems ... bada boom ...) fastcgi which means you should be able to have your fastcgi startup/init.d script do the chroot as suggested by WoLpH (although it may be in a shell script instead of python). – Van Gale Mar 25 '10 at 16:21

score 2 · Accepted Answer · edited Feb 20 '13 at 01:14

2

You will have to add a Python interpreter to that directory and add Django to it ofcourse.

After you've got the environment set-up you will have to create a wrapper script that does something like os.chroot('/var/www/') and you're done :)

To create a sandboxed/chrooted environment for Python try one of the following options: http://wiki.python.org/moin/Asking%20for%20Help/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20%28i.e.%20Sandbox%29?highlight=%28chroot%29 The PyPy option seems to be getting popular since Google started using it with the App-Engine.

edited Feb 20 '13 at 01:14

maxpolk

1,997
16
24

answered Mar 25 '10 at 01:17

Wolph

69,888
9
125
143

@WoLpH: Thanks for the info - that link's broken, though. – Brian M. Hunt Mar 25 '10 at 02:49
@Brian M. Hunt: the link is fixed again, stackoverflow didn't like the ) in the link ;) – Wolph Mar 25 '10 at 19:52
Great - thanks! That PyPy option is really *very* interesting - thanks. – Brian M. Hunt Mar 30 '10 at 03:41

How to chroot Django

2 Answers2