Talk:Development Team/Chroot
Restricting Xephyr connections
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:
- bind-mount the X unix socket into the chroot.
- ssh into the chroot with X11-forwarding enabled.
- Enable TCP on an X server, e.g. a nested Xephyr.
In the main walk-through, we chose to use an open Xephyr (access control disabled with -ac), like so:
    Xephyr -ac :1
However, we might instead try:
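    # outside chroot
    DISP=:1 # adjust to suit your configuration
    COOKIE=$(mcookie)
    AUTH=$(mktemp)
    # "." is xauth shorthand for the MIT-MAGIC-COOKIE-1 protocol
    echo "add $DISP . $COOKIE" | xauth -f "$AUTH"
    echo "add these commands to clients:"
    echo "export DISPLAY=\"localhost$DISP\""
    echo "export XAUTHORITY=\"$AUTH\""
    # with -reset -terminate the server exits when the last client disconnects;
    # the cookie file is removed afterwards
    Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"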
Then, inside the chroot, copy the "$AUTH" file from outside the chroot to the path assigned to "$XAUTHORITY", and set the DISPLAY and XAUTHORITY variables as directed by the setup script.
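Before copying the cookie file into the chroot, it is worth confirming that it holds only the one cookie meant for the nested server and is not readable by other users. The check below is an added example, not part of the original walk-through; the function names, the host name and the cookie bytes in the sample are constructed for illustration, and it assumes a display of the form ":N".

```python
import os, stat, struct

def _field(blob, pos):
    """Read one 2-byte big-endian length followed by that many bytes."""
    if pos + 2 > len(blob):
        raise ValueError("truncated Xauthority entry")
    (n,) = struct.unpack_from(">H", blob, pos)
    if pos + 2 + n > len(blob):
        raise ValueError("truncated Xauthority entry")
    return blob[pos + 2:pos + 2 + n], pos + 2 + n

def parse_xauthority(blob):
    """Each entry: 2-byte family, then address, display number, auth name
    and auth data, each as a length-prefixed byte string."""
    entries, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated Xauthority entry")
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):
            value, pos = _field(blob, pos)
            fields.append(value)
        entries.append((family, *fields))
    return entries

def check_auth_file(path, display):
    """Return a list of problems; an empty list means safe to copy."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("mode allows group/other access")
    with open(path, "rb") as f:
        entries = parse_xauthority(f.read())
    number = display.rsplit(":", 1)[-1].encode()
    if len(entries) != 1:
        problems.append("expected exactly one entry, found %d" % len(entries))
    for family, addr, num, name, data in entries:
        if num != number:
            problems.append("entry for unrelated display :%s" % num.decode())
        elif name != b"MIT-MAGIC-COOKIE-1" or len(data) != 16:
            problems.append("entry is not a 128-bit MIT-MAGIC-COOKIE-1")
    return problems

def make_entry(family, addr, num, name, data):
    """Build one entry (used here only to construct sample input)."""
    out = struct.pack(">H", family)
    for v in (addr, num, name, data):
        out += struct.pack(">H", len(v)) + v
    return out

# Constructed sample: FamilyLocal (256), made-up host name and cookie bytes.
SAMPLE = make_entry(256, b"buildhost", b"1", b"MIT-MAGIC-COOKIE-1", bytes(range(16)))
```

Running check_auth_file on a copy of a full ~/.Xauthority reports the unrelated entries, which is the reason the script above writes the cookie to a dedicated mktemp file.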
as_person script, when PAM is misconfigured
    cat > as_person <<'EOF'
    #!/usr/bin/env python
    from os import environ, chdir, setgroups, setgid, setuid, execve
    from sys import argv
    from pwd import getpwnam
    # usage: as_person USER PROGRAM [ARGS...]
    user = getpwnam(argv[1])
    environ['HOME'] = user.pw_dir
    environ['USER'] = user.pw_name
    chdir(user.pw_dir)
    # drop privileges: supplementary groups and gid first, uid last
    setgroups([user.pw_gid])
    setgid(user.pw_gid)
    setuid(user.pw_uid)
    execve(argv[2], argv[2:], environ)
    EOF
    chmod a+x as_person
    ./as_person sugar /usr/bin/sugar
Using xz utils
This step must be reformed,
    curl http://dev.laptop.org/~mstone/releases/SOURCES/$NV.tar.xz | tar Zxf $NV.tar.xz
because tar doesn't suggest it (for now):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523499
This is at least the case in Debian/Ubuntu.