* [gentoo-amd64] chroot howto?
From: Peter Humphrey @ 2005-07-13 9:03 UTC
To: gentoo-amd64
I've decided to have a play with chroot on this ~amd64 xfce4 box, so I
followed the instructions at
http://www.gentoo.org/proj/en/base/amd64/technotes/index.xml?part=1&chap=4
to set up the jail in a separate partition mounted on /mnt/gentoo32. My
idea is to use it for e.g. firefox-bin and its plugins, and maybe wine.

I have a few questions. First, the technotes are far from clear in
explaining how the 32-bit chroot jail works, and unhelpful to a chroot
acolyte like me in detailing how to build it, so I had to use my
initiative - always a grave risk ;-)

I unpacked an x86 stage 3, and set up hosts, networks and users as
instructed, but when I tried "linux32 chroot /mnt/gentoo32 /bin/bash" I
got a permission-refused error on /bin/bash. (I tried both with and
without --login; it made no difference.) So I unpacked a portage
snapshot, rebooted from the installation CD and tried again. I could
then chroot. I reasoned that /bin/bash could not be executed because
there was no 32-bit kernel, so I emerged and compiled gentoo-sources in
/mnt/gentoo32. After that I could chroot from the installed system.

But how much more of a Gentoo system do I need to build in the chroot
jail? Emerge --sync? Emerge system? I have /mnt/tmp bound to
/mnt/gentoo32/mnt/tmp, and /mnt/home, /mnt/boot, /mnt/usr/share and
/mnt/usr/portage/distfiles bound similarly. Do I need to env-update
whenever I chroot? What difference is there between chroot with and
without --login, apart from sourcing /etc/profile etc?

And when I've built it, how do I go about using it? No amount of
googling helps me to understand, and the Gentoo docs are more-or-less
silent on the subject.
--
Rgds
Peter Humphrey
Linux Counter 5290, Aug 93.
--
gentoo-amd64@gentoo.org mailing list
* Re: [gentoo-amd64] chroot howto?
From: Barry.SCHWARTZ @ 2005-07-13 10:05 UTC
To: gentoo-amd64
Peter Humphrey <prh@gotadsl.co.uk> wrote:
> I unpacked an x86 stage 3, and set up hosts, networks and users as
> instructed, but when I tried "linux32 chroot /mnt/gentoo32 /bin/bash" I
> got a permission-refused error on /bin/bash. (I tried both with and
> without --login; it made no difference.)
Did you do this as root?
> So I unpacked a portage
> snapshot, rebooted from the installation CD and tried again. I could
> then chroot. I reasoned that /bin/bash could not be executed because
> there was no 32-bit kernel, so I emerged and compiled gentoo-sources in
> /mnt/gentoo32. After that I could chroot from the installed system.
You don't need a 32-bit kernel. For a few things it can be convenient
to have kernel sources present, but I don't remember what things those
are. Cross that bridge if you come to it.
> But how much more of a Gentoo system do I need to build in the chroot
> jail? Emerge --sync? Emerge system? I have /mnt/tmp bound to
> /mnt/gentoo32/mnt/tmp, and /mnt/home, /mnt/boot, /mnt/usr/share and
> /mnt/usr/portage/distfiles bound similarly. Do I need to env-update
> whenever I chroot? What difference is there between chroot with and
> without --login, apart from sourcing /etc/profile etc?
I set up my own init script that uses 'mount --bind' to mount and
unmount things that you need inside the chroot. So that happens at
initialization.

As far as getting into the chroot, if I am root I do it with a Perl script:
===========================================
#!/usr/bin/perl -wT

$root_32bit = "/gentoo32"; # The root directory of the 32-bit environment.

$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

$#ARGV == -1 or die "$0: Does not accept arguments\n";

# su to oneself. Non-root users may be asked for their password.
# (We require that the user name begin with an alphabetic character
# and consist only of alphanumeric characters.)
$user = getpwuid($<);
$user =~ /^([[:alpha:]][[:alnum:]]*)$/
    or die "$0: \"$user\" doesn't look like a user name to me\n";
$user = $1;

exec "linux32", "chroot", "$root_32bit", "su", "-", "$user";
die "$0: $!\n";
===========================================
If I am non-root I do it with a simple suid root C program that is
adapted from linux32.
===========================================
/* $Id: l32.c,v 1.3 2004/08/18 05:09:30 trashman Exp $ */

#include <linux/personality.h>
#undef personality

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>

long int personality(unsigned long int persona);

/* Restrict address space to 3 GB, for the sake of buggy Java. */
const unsigned long int default_personality = PER_LINUX32_3GB;

const char *const gentoo32 = "/gentoo32";

int main(int argc, char *argv[], char *envp[] __attribute__((unused)))
{
    int result;
    long int long_result;
    unsigned long int pers;
    char *cwd;

    if (argc < 2) {
        fprintf(stderr, "Usage: %s COMMAND [ARG]...\n", argv[0]);
        exit(1);
    }

    pers = default_personality;

    cwd = getcwd(NULL, 0); /* Linux-specific: allocate as many
                            * bytes as necessary. */
    if (cwd == NULL) {
        fprintf(stderr, "Can't allocate necessary space: %s\n",
                strerror(errno));
        exit(1);
    }

    long_result = personality(pers);
    if (long_result == -1) {
        fprintf(stderr, "Can't set personality %lx: %s\n",
                pers, strerror(errno));
        exit(1);
    }

    result = chroot(gentoo32);
    if (result != 0) {
        fprintf(stderr, "Can't chroot(%s): %s\n", gentoo32, strerror(errno));
        exit(1);
    }

    /* Drop root privileges. */
    result = setuid(getuid());
    if (result != 0) {
        fprintf(stderr, "Can't suid(%d): %s\n", getuid(), strerror(errno));
        exit(1);
    }

    /* Make sure we are inside the chroot. */
    result = chdir("/");
    if (result != 0) {
        fprintf(stderr, "Can't chdir(%s) within the chroot: %s\n",
                gentoo32, strerror(errno));
        exit(1);
    }

    /* Change into the chroot's equivalent of the current working
     * directory. */
    result = chdir(cwd);
    if (result != 0) {
        fprintf(stderr, "Can't chdir(%s) within the chroot: %s\n",
                cwd, strerror(errno));
        exit(1);
    }
    free(cwd);

    execvp(argv[1], argv + 1);
    abort(); /* We shouldn't get here. */
}
===========================================
'l32 zsh --login' gets me a 32-bit shell.

I maintain my chroot as practically another whole system. That's
wasteful but makes some things a lot easier -- even maintenance is
easier with all that waste, because you are letting portage 'think'
for you about what it needs to install.

I used to also run stuff like sshd inside the chroot, but don't
anymore, and I think you can ignore that.
--
Barry.SCHWARTZ@chemoelectric.org http://www.chemoelectric.org
Esperantistoj rajtas skribi al Barijo.SXVARCO@chemoelectric.org
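
The setuid-root helper in the message above calls chroot() and then setuid(getuid()). The following is an added example, not Barry's code and not from the Gentoo project, showing only that privilege-drop step (no personality() call) with the working directory moved before chroot(), the group ID reset, and the drop verified afterwards. JAIL_ROOT reuses the /gentoo32 path from the message; the function names are assumptions made for this example.

```c
/* Added example, not code from the thread; names are illustrative. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#define JAIL_ROOT "/gentoo32"  /* path reused from the message above */

/* Permanently become uid/gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Group first: after the uid is dropped, setgid() may be refused. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Real and effective IDs must all match the target now. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root target must not be able to take root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Enter the jail, then drop root. Returns 0 on success, -1 on failure. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    /* chdir() before chroot() so the cwd never points outside the jail. */
    if (chdir(root) != 0 || chroot(".") != 0)
        return -1;
    return drop_privileges(uid, gid);
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "Usage: %s COMMAND [ARG]...\n", argv[0]);
        return 1;
    }
    if (enter_jail(JAIL_ROOT, getuid(), getgid()) != 0) {
        fprintf(stderr, "%s: cannot enter %s: %s\n",
                argv[0], JAIL_ROOT, strerror(errno));
        return 1;
    }
    execvp(argv[1], argv + 1);
    fprintf(stderr, "%s: cannot exec %s: %s\n",
            argv[0], argv[1], strerror(errno));
    return 127;
}
```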
* Re: [gentoo-amd64] chroot howto?
From: Peter Humphrey @ 2005-07-13 10:55 UTC
To: gentoo-amd64
Barry.SCHWARTZ@chemoelectric.org wrote:
>Peter Humphrey <prh@gotadsl.co.uk> wrote:
>
>
>>I unpacked an x86 stage 3, and set up hosts, networks and users as
>>instructed, but when I tried "linux32 chroot /mnt/gentoo32 /bin/bash" I
>>got a permission-refused error on /bin/bash. (I tried both with and
>>without --login; it made no difference.)
>>
>>
>
>Did you do this as root?
>
>
Yes, and as myself which gave a slightly different error msg.
>>So I unpacked a portage
>>snapshot, rebooted from the installation CD and tried again. I could
>>then chroot. I reasoned that /bin/bash could not be executed because
>>there was no 32-bit kernel, so I emerged and compiled gentoo-sources in
>>/mnt/gentoo32. After that I could chroot from the installed system.
>>
>>
>
>You don't need a 32-bit kernel.
>
Hmm. Then I'll have to solve the problem above. Meanwhile I have the
kernel so perhaps I'll keep it pro tem.
> For a few things it can be convenient
>to have kernel sources present, but I don't remember what things those
>are. Cross that bridge if you come to it.
>
>
Ok.
< Snip useful scripts - thanks! >
>I maintain my chroot as practically another whole system. That's
>wasteful but makes some things a lot easier -- even maintenance is
>easier with all that waste, because you are letting portage 'think'
>for you about what it needs to install.
>
>
That's more-or-less what I seem to be doing.
--
Rgds
Peter Humphrey
Linux Counter 5290, Aug 93.