views:

95

answers:

2

Can one run Django in a chroot? Notably, what's necessary in order to set up (for example) /var/www as a chroot'd directory and then have Django run in that chroot'd directory?

Thank you - I'm grateful for any input.

+1  A: 

You will have to add a Python interpreter to that directory and add Django to it ofcourse.

After you've got the environment set-up you will have to create a wrapper script that does something like os.chroot('/var/www/') and you're done :)

To create a sandboxed/chrooted environment for Python try one of the following options: http://wiki.python.org/moin/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20(i.e.%20Sandbox)?highlight=%28chroot%29 The PyPy option seems to be getting popular since Google started using it with the App-Engine.

WoLpH
@WoLpH: Thanks for the info - that link's broken, though.
Brian M. Hunt
@Brian M. Hunt: the link is fixed again, stackoverflow didn't like the ) in the link ;)
WoLpH
@WoLpH: Great - thanks! That PyPy option is really *very* interesting - thanks.
Brian M. Hunt
+2  A: 

There are many reasons mod_wsgi is preferred for Python web app deployment. One is stability, another is the variety of configuration options... one of which is ability to chroot the mod_wsgi daemon (starting with version 3.00).

The chroot option is not yet documented for the WSGIDaemonProcess directive at http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess but there is enough documentation in Changes in Version 3.0.

You can also read a disussion of the feature at http://code.google.com/p/modwsgi/issues/detail?id=106

Van Gale
@Van Gale - Thanks - handy reference. We're not using Apache, but Lighttpd (maybe Nginx someday). Is there an equivalent configuration option for Lighttpd that you're aware of (I'm looking now, too)?
Brian M. Hunt
Err, well if you're using lighttpd you're probably also using flup (... and now you have 2 problems ... bada boom ...) fastcgi which means you should be able to have your fastcgi startup/init.d script do the chroot as suggested by WoLpH (although it may be in a shell script instead of python).
Van Gale