Difference between revisions of "Talk:Development Team/Chroot"

From Sugar Labs
Jump to navigation Jump to search
Line 1: Line 1:
 
== Restricting Xephyr connections ==
 
== Restricting Xephyr connections ==
 +
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:
 +
 +
# bind-mount the X unix socket into the chroot.
 +
# ssh ''into'' the chroot with X11-forwarding enabled.
 +
# Enable TCP on an X server, e.g. a nested Xephyr.
 +
 +
In the main walk-through, we chose to use an open Xephyr like so:
 +
 +
Xephyr -ac :1
 +
 +
However, we might instead try:
 +
 
  # ''outside chroot''
 
  # ''outside chroot''
 
  DISP=:1  # adjust to suit your configuration
 
  DISP=:1  # adjust to suit your configuration

Revision as of 11:03, 23 May 2009

Restricting Xephyr connections

Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:

  1. bind-mount the X unix socket into the chroot.
  2. ssh into the chroot with X11-forwarding enabled.
  3. Enable TCP on an X server, e.g. a nested Xephyr.

In the main walk-through, we chose to use an open Xephyr like so:

Xephyr -ac :1

However, we might instead try:

# outside chroot
DISP=:1  # adjust to suit your configuration
COOKIE=$(mcookie)
AUTH=$(mktemp)
echo "add $DISP . $COOKIE" | xauth -f "$AUTH"
echo "add these commands to clients:"
echo "export DISPLAY=\"localhost$DISP\""
echo "export XAUTHORITY=\"$AUTH\""
Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"

And, inside the chroot, set the DISPLAY and XAUTHORITY variables as directed by the setup script and copy the "$AUTH" file from outside the chroot into the chroot to the path assigned to "$XAUTHORITY".

as_person script, when PAM is misconfigured

cat > as_person <<EOF
#!/usr/bin/env python
from os import environ, chdir, setgroups, setgid, setuid, execve
from sys import argv
from pwd import getpwnam
user = getpwnam(argv[1])
environ['HOME'] = user.pw_dir
environ['USER'] = user.pw_name
chdir(user.pw_dir)
setgroups([user.pw_gid])
setgid(user.pw_gid)
setuid(user.pw_uid)
execve(argv[2], argv[2:], environ)
EOF
chmod a+x as_person
./as_person sugar /usr/bin/sugar