After the hijacking of a machine at my work, I decided to install some of our running services into sandbox-environments (aka as jails) as a security measure to minimize the damages in case the machine would be compromised again. This manual focuses on the compartmentalization of a standalone Subversion server (svnserve). It doesn't address the use of Apache 2 in conjunction with Subversion.
At that time, after searching on Google, I didn't find any good tutorials to help me achieve this. All the information was rather scattered into different sources, most of which were concentrating on securing Apache, BIND, MySQL or other applications. Not much was written about securing a subversion server.
I hope this document will help other people. I'm not a security guru and welcome your feedback. Any improvements will be very appreciated.
This manual is targeted on the Debian/GNU Linux system. Some of the information contained in the manual may be applied, to a certain degree, to other systems as well.
Running Chrooted SVN on Debian Mini-HOWTO0.1.0 - February 2005