Debian Developers - ITP: sid - Run commands in your /sid chroot

Bill Allombert

2005-05-27, 7:58 am

Well not really, but I am using a program called 'sid' for some years
now, and I thought I would share it with you.

sid is a straightforward wrapper that does 'chroot /sid' and that does not
get in the way as dchroot does (IMHO), since it does not take options
and preserves the environment, cwd, etc, and is faster to type.

Compile it, install it suid root, and go. This assumes your chroot is
called /sid, though you can change CHROOT_PATH. Obviously you can
also call it 'sarge' or 'ia32'.

Some usage:
  sid                    - run $SHELL in the chroot
  sid gimp               - run gimp 2.2 instead of gimp 1.2
  LANG=eo_EO sid update-menus --help
                         - Test the new update-menus help text in Esperanto
  sid /etc/init.d/apache - start apache running in the chroot
  sid apt-get upgrade    - upgrade your chroot.
  CC=gcc-3.4 sid ./configure && sid make
                         - test compilation with gcc-3.4

I usually include a symlink /sid/sid -> /, so I can also do
  sid /sid/etc/init.d/apache
which takes advantage of shell completion.

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

----------------------------
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#define CHROOT_PATH "/sid/"
#define LEN_CHROOT_PATH strlen(CHROOT_PATH)

void die(char *s)
{
  fprintf(stderr,"sid (%s): %s\n",s,strerror(errno));
  exit(1);
}
int
main(int argc, char **argv )
{
  char *shell;
  if (chroot(CHROOT_PATH)) die("chroot");
  if (seteuid(getuid())) die("seteuid");
  /*Now most security problem are ended.*/
  if (argc>1)
    if (execvp(argv[1],argv+1)) die("execv");
  if (!(shell=getenv("SHELL"))) die("shell");
  if (execl(shell,shell,NULL)) die("execv");
  return 0;
}


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Hamish Moffatt

2005-05-27, 7:58 am

On Fri, May 27, 2005 at 01:56:54PM +0200, Bill Allombert wrote:
> Well not really, but I am using a program called 'sid' for some years
> now, and I thought I would share it with you.


Here's my wishlist bug report then ;-)

I would like to be able to end up in the same directory inside the
chroot as I was outside. (Assume I have bind mounts or equivalent
directory structures or whatever.)

I need to chroot into my i386 install to build packages on amd64.
Usually I'm in the right directory on amd64 debugging so a chroot to the
same directory to do the i386 build would be very handy.

I imagine that's a pretty simple change I should just do myself.


Hamish
--
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>


Brett Parker

2005-05-27, 7:58 am

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hamish Moffatt <hamish@debian.org> wrote:
> On Fri, May 27, 2005 at 01:56:54PM +0200, Bill Allombert wrote:
>
> Here's my wishlist bug report then ;-)
>
> I would like to be able to end up in the same directory inside the
> chroot as I was outside. (Assume I have bind mounts or equivalent
> directory structures or whatever.)
>
> I need to chroot into my i386 install to build packages on amd64.
> Usually I'm in the right directory on amd64 debugging so a chroot to the
> same directory to do the i386 build would be very handy.
>
> I imagine that's a pretty simple change I should just do myself.


Erm, dchroot already does this.

(I've got an amd64 with bind mounted home, an i386 chroot, an i386
testing chroot and an ubuntu hoary chroot, I've also got pbuilder setup
to build for i386, which is much nicer than building in a (potentially)
unclean chroot).

Thanks,
- --
Brett Parker
web: http://www.sommitrealweird.co.uk/
email: iDunno@sommitrealweird.co.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFClxahEh8oWxevnjQRAgVtAKCVB2xRz8a5
SkMIi9ngbNKQQ2k+HQCgylgK
ejkpgeRpBp8s5Zfs6ZMGAHU=
=6AI5
-----END PGP SIGNATURE-----


sean finney

2005-05-27, 7:58 am

On Fri, May 27, 2005 at 01:46:25PM +0100, Brett Parker wrote:
>
> Erm, dchroot already does this.


likewise, i'm not sure what this sid package would do that dchroot does not.

> (I've got an amd64 with bind mounted home, an i386 chroot, an i386
> testing chroot and an ubuntu hoary chroot, I've also got pbuilder setup
> to build for i386, which is much nicer than building in a (potentially)
> unclean chroot).


i've been very happy with dchroot, i have a whole farm of chroots under
/srv that i use frequently for building on combinations of architectures
and releases. i even have a chroot to play my favorite 32-bit windows games
via cedega.



sean

--

Bill Allombert

2005-05-27, 5:57 pm

On Fri, May 27, 2005 at 10:35:43PM +1000, Hamish Moffatt wrote:
> On Fri, May 27, 2005 at 01:56:54PM +0200, Bill Allombert wrote:
>
> Here's my wishlist bug report then ;-)
>
> I would like to be able to end up in the same directory inside the
> chroot as I was outside. (Assume I have bind mounts or equivalent
> directory structures or whatever.)
>
> I need to chroot into my i386 install to build packages on amd64.
> Usually I'm in the right directory on amd64 debugging so a chroot to the
> same directory to do the i386 build would be very handy.


I think sid does that since it preserves the cwd:

seventeen - /usr#cd /usr
seventeen - /usr#ls
bin doc games include info lib local lost+found sbin share src X11R6
seventeen - /usr#sid
[Sid] seventeen - /usr#ls
bin doc include lib openwin share X11R6
dict games info local sbin src

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.


Peter Samuelson

2005-05-27, 5:57 pm


[Bill Allombert]
> #include <unistd.h>
> #include <sys/types.h>
> #include <stdio.h>
> #include <errno.h>
> #include <stdlib.h>
> #include <string.h>
> #define CHROOT_PATH "/sid/"


I'd encase this in #ifndef CHROOT_PATH, so you can change it on the
compile line and thus quickly build multiple binaries.

> #define LEN_CHROOT_PATH strlen(CHROOT_PATH)


Not used.

> char *shell;
> if (chroot(CHROOT_PATH)) die("chroot");
> if (seteuid(getuid())) die("seteuid");
> /*Now most security problem are ended.*/


FYI, chroot() does not imply chdir(). So your current directory isn't
inside the chroot yet, and so long as this is true, a user can use
relative paths (including ../../../../) to navigate arbitrarily.

This isn't a security problem in *your* application, but it probably
*is* unexpected behavior. I suggest saving the cwd in a char[] before
the chroot, then doing chdir("/") followed by chdir(old_cwd).
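
The sequence suggested in the review above (save the cwd, chroot(), chdir("/"), chdir(old_cwd)), combined with the #ifndef CHROOT_PATH remark, as an added example that is not code posted in this thread. The names reanchor_cwd() and enter_chroot() are hypothetical, and staying in / when the old directory does not exist inside the chroot is an assumed fallback.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() in glibc's <unistd.h> */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example; reanchor_cwd() and enter_chroot() are hypothetical names. */
#ifndef CHROOT_PATH              /* e.g. cc -DCHROOT_PATH='"/sarge/"' */
#define CHROOT_PATH "/sid/"
#endif

/* chdir("/") puts the cwd under the current root; chdir(old_cwd) then
 * resolves the saved path against that root. Returns 1 if old_cwd was
 * restored, 0 if it is missing there (assumed fallback: stay in "/"),
 * -1 if chdir("/") itself failed. */
int reanchor_cwd(const char *old_cwd)
{
    if (chdir("/") != 0)
        return -1;
    return chdir(old_cwd) == 0 ? 1 : 0;
}

/* Save the cwd before chroot(), then re-anchor it. -1 on any failure. */
int enter_chroot(const char *root)
{
    char old_cwd[PATH_MAX];
    if (getcwd(old_cwd, sizeof old_cwd) == NULL || chroot(root) != 0)
        return -1;
    return reanchor_cwd(old_cwd);
}

int main(int argc, char **argv)
{
    const char *shell = getenv("SHELL");
    int kept = enter_chroot(CHROOT_PATH);

    if (kept < 0) { perror("sid: chroot"); return 1; }
    if (seteuid(getuid()) != 0) { perror("sid: seteuid"); return 1; }
    if (kept == 0)
        fputs("sid: old cwd not found in chroot, using /\n", stderr);
    if (argc <= 1 && shell == NULL) { fputs("sid: SHELL not set\n", stderr); return 1; }
    if (argc > 1)
        execvp(argv[1], argv + 1);
    else
        execl(shell, shell, (char *)NULL);
    perror("sid: exec");         /* only reached if exec failed */
    return 1;
}
```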

Copyright 2003 - 2008 webservertalk.com