Talk:Development Team/Chroot: Difference between revisions
New page: # ''outside chroot'' DISP=:1 # adjust to suit your configuration COOKIE=$(mcookie) AUTH=$(mktemp) echo "add $DISP . $COOKIE" | xauth -f "$AUTH" echo "add these commands to clients:"... |
RafaelOrtiz (talk | contribs) xz utils |
(3 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
== Restricting Xephyr connections == | |||
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can: | |||
# bind-mount the X unix socket into the chroot. | |||
# ssh ''into'' the chroot with X11-forwarding enabled. | |||
# Enable TCP on an X server, e.g. a nested Xephyr. | |||
In the main walk-through, we chose to use an open Xephyr like so: | |||
Xephyr -ac :1 | |||
However, we might instead try: | |||
# ''outside chroot'' | # ''outside chroot'' | ||
DISP=:1 # adjust to suit your configuration | DISP=:1 # adjust to suit your configuration | ||
Line 10: | Line 23: | ||
And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. | And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. | ||
== as_person script, when PAM is misconfigured == | |||
cat > as_person <<EOF | |||
#!/usr/bin/env python | |||
from os import environ, chdir, setgroups, setgid, setuid, execve | |||
from sys import argv | |||
from pwd import getpwnam | |||
user = getpwnam(argv[1]) | |||
environ['HOME'] = user.pw_dir | |||
environ['USER'] = user.pw_name | |||
chdir(user.pw_dir) | |||
setgroups([user.pw_gid]) | |||
setgid(user.pw_gid) | |||
setuid(user.pw_uid) | |||
execve(argv[2], argv[2:], environ) | |||
EOF | |||
chmod a+x as_person | |||
./as_person sugar /usr/bin/sugar | |||
== Using xz utils == | |||
this step must be reformed, | |||
curl http://dev.laptop.org/~mstone/releases/SOURCES/$NV.tar.xz | tar Zxf $NV.tar.xz | |||
because tar doesn't suggest it (for now) | |||
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523499 | |||
this is at least in debian/ubuntu |
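Review bot: in the "Using xz utils" section, the quoted command pipes curl into tar but also passes f $NV.tar.xz, so tar reads a local file of that name and ignores the downloaded stream; in GNU tar the Z flag selects compress, not xz. The note should state which form is being proposed, for example decompressing the stream explicitly with curl ... | xz -dc | tar xf -. In the as_person section of the same hunk, execve receives the caller's whole environ with only HOME and USER replaced, so the rest of root's environment reaches the program; that deserves a sentence in the text.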
Latest revision as of 16:13, 24 January 2010
Restricting Xephyr connections
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:
- bind-mount the X unix socket into the chroot.
- ssh into the chroot with X11-forwarding enabled.
- Enable TCP on an X server, e.g. a nested Xephyr.
In the main walk-through, we chose to use an open Xephyr like so:
Xephyr -ac :1
However, we might instead try:
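    # outside chroot
    DISP=:1              # adjust to suit your configuration
    COOKIE=$(mcookie)    # random 128-bit cookie, printed as hex
    AUTH=$(mktemp)       # private temporary file that will hold the cookie
    echo "add $DISP . $COOKIE" | xauth -f "$AUTH"
    echo "add these commands to clients:"
    echo "export DISPLAY=\"localhost$DISP\""
    echo "export XAUTHORITY=\"$AUTH\""
    # Xephyr only accepts clients that present the cookie; the file is removed on a clean exit
    Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"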
And, inside the chroot, set the DISPLAY and XAUTHORITY variables as directed by the setup script and copy the "$AUTH" file from outside the chroot into the chroot to the path assigned to "$XAUTHORITY".
as_person script, when PAM is misconfigured
    cat > as_person <<EOF
    #!/usr/bin/env python
    # usage: as_person USER /path/to/program [args...]
    from os import environ, chdir, setgroups, setgid, setuid, execve
    from sys import argv
    from pwd import getpwnam
    user = getpwnam(argv[1])
    environ['HOME'] = user.pw_dir
    environ['USER'] = user.pw_name
    chdir(user.pw_dir)
    # drop groups first, then gid, then uid: setuid must come last,
    # because the group calls need the privileges it gives up
    setgroups([user.pw_gid])
    setgid(user.pw_gid)
    setuid(user.pw_uid)
    execve(argv[2], argv[2:], environ)
    EOF
    chmod a+x as_person
    ./as_person sugar /usr/bin/sugar
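A stricter variant of the as_person script above, as an added example that is not part of the wiki page: it hands the program a minimal environment instead of root's, takes supplementary groups from the group database, and checks that the drop cannot be undone. The `KEEP` list, the fixed `PATH` and the function names are assumptions made for this example.

```python
"""Added example: stricter variant of as_person (not the wiki's script)."""
import os
import pwd
import sys

# Assumption: the only inherited variables an X client in the chroot needs.
KEEP = ("DISPLAY", "XAUTHORITY", "TERM", "LANG")


def build_env(user, inherited):
    """Return a minimal environment for `user` instead of root's full one."""
    env = {k: inherited[k] for k in KEEP if k in inherited}
    env.update(
        HOME=user.pw_dir,
        USER=user.pw_name,
        LOGNAME=user.pw_name,
        SHELL=user.pw_shell,
        PATH="/usr/local/bin:/usr/bin:/bin",  # assumption: fixed, known-good PATH
    )
    return env


def drop_privileges(user):
    """Switch groups, then gid, then uid, and confirm the drop is permanent."""
    os.initgroups(user.pw_name, user.pw_gid)  # supplementary groups from /etc/group
    os.setgid(user.pw_gid)
    os.setuid(user.pw_uid)  # last: the group calls above need root
    if os.getresuid() != (user.pw_uid,) * 3 or os.getresgid() != (user.pw_gid,) * 3:
        raise RuntimeError("real/effective/saved ids were not all changed")
    if user.pw_uid != 0:
        try:
            os.setuid(0)
        except PermissionError:
            return
        raise RuntimeError("root could be regained after setuid")


def main(argv):
    if len(argv) < 3:
        sys.exit("usage: as_person USER /path/to/program [args...]")
    user = pwd.getpwnam(argv[1])
    env = build_env(user, os.environ)
    drop_privileges(user)
    os.chdir(user.pw_dir)  # after the drop, so access is checked as the user
    os.execve(argv[2], argv[2:], env)


if __name__ == "__main__":
    main(sys.argv)
```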
Using xz utils
This step must be reformed,
curl http://dev.laptop.org/~mstone/releases/SOURCES/$NV.tar.xz | tar Zxf $NV.tar.xz
because tar doesn't suggest it (for now)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523499
This is at least in Debian/Ubuntu.