Talk:Development Team/Chroot

Restricting Xephyr connections
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:


 * 1) bind-mount the X unix socket into the chroot.
 * 2) ssh into the chroot with X11-forwarding enabled.
 * 3) Enable TCP on an X server, e.g. a nested Xephyr.

In the main walk-through, we chose to use an open Xephyr like so:

Xephyr -ac :1

However, we might instead try:

# outside chroot
DISP=:1 # adjust to suit your configuration
COOKIE=$(mcookie)
AUTH=$(mktemp)
echo "add $DISP . $COOKIE" | xauth -f "$AUTH"
echo "add these commands to clients:"
echo "export DISPLAY=\"localhost$DISP\""
echo "export XAUTHORITY=\"$AUTH\""
Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"

And, inside the chroot, set the DISPLAY and XAUTHORITY variables as directed by the setup script and copy the "$AUTH" file from outside the chroot into the chroot to the path assigned to "$XAUTHORITY".
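The copy step described above, as an added example that is not part of the original page: the cookie file is a credential for the Xephyr display, so it is placed at the same absolute path under the chroot, created owner-only, and never written over an existing file. The function name `install_cookie` and its chroot-root argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original page).
# install_cookie SRC CHROOT
#   SRC    - the "$AUTH" file created outside the chroot (absolute path)
#   CHROOT - root directory of the chroot (hypothetical argument)
# Copies SRC to CHROOT/SRC so that the XAUTHORITY value printed by the
# setup script is also valid inside the chroot. Prints the destination.
install_cookie() {
    src=$1
    chroot_dir=$2
    case $src in
        /*) ;;
        *) echo "cookie path must be absolute: $src" >&2; return 1 ;;
    esac
    [ -f "$src" ] || { echo "no such cookie file: $src" >&2; return 1; }
    # Refuse a cookie that group or other can already read.
    case $(ls -ld "$src") in
        -rw-------*|-r--------*) ;;
        *) echo "refusing $src: not owner-only" >&2; return 1 ;;
    esac
    dst=$chroot_dir$src
    # The parent directory (normally the chroot's /tmp) must already exist;
    # creating it here could leave it with the wrong mode.
    [ -d "$(dirname "$dst")" ] || {
        echo "missing directory in chroot: $(dirname "$dst")" >&2
        return 1
    }
    (
        umask 077   # the new file is created 0600
        set -C      # noclobber: fail if dst exists, including a planted symlink
        cat "$src" > "$dst"
    ) || return 1
    printf '%s\n' "$dst"
}
```

If the clients inside the chroot run as a different user, the copied file also needs its owner changed to that user.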

as_person script, when PAM is misconfigured
cat > as_person <<'EOF'
#!/usr/bin/env python
from os import environ, chdir, setgroups, setgid, setuid, execve
from sys import argv
from pwd import getpwnam
# argv[1] is the user to become, argv[2:] is the command to run
user = getpwnam(argv[1])
environ['HOME'] = user.pw_dir
environ['USER'] = user.pw_name
chdir(user.pw_dir)
# drop supplementary groups and the gid before the uid;
# once setuid() has run we no longer have the privilege to change them
setgroups([user.pw_gid])
setgid(user.pw_gid)
setuid(user.pw_uid)
execve(argv[2], argv[2:], environ)
EOF
chmod a+x as_person
./as_person sugar /usr/bin/sugar

Using xz utils
This step must be reformed,

curl http://dev.laptop.org/~mstone/releases/SOURCES/$NV.tar.xz | tar Zxf $NV.tar.xz

because tar doesn't suggest it (for now)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523499

This is at least in Debian/Ubuntu.