Halim Sahin wrote:
Sorry if my question was not understood currectly. I don't want to run sxfe/vdr etc under a chroot env. My concerns are about the build-in filebrowser of xineliboutput. It should be restricted to a special folder like /media. This whould avoid damages to the system :-). More ideas?
To prevent modifying system files you should run vdr as normal user (--user=vdr). Just don't give it write access to any other places than /media (and /video ?). Of course this doesn't protect VDR config files and recordings ...
For the file browser you can try attached, untested patch. Add following line to vdr's setup.conf: xineliboutput.Media.RootDir=/media
Note that it is not bulletproof ; one can easily bypass the checks with symlinks, like ln -s / /media/root.
- Petri