Line 1: |
Line 1: |
| + | == Restricting Xephyr connections == |
| + | Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can: |
| + | |
| + | # bind-mount the X unix socket into the chroot. |
| + | # ssh ''into'' the chroot with X11-forwarding enabled. |
| + | # Enable TCP on an X server, e.g. a nested Xephyr. |
| + | |
| + | In the main walk-through, we chose to use an open Xephyr like so: |
| + | |
| + | Xephyr -ac :1 |
| + | |
| + | However, we might instead try: |
| + | |
| # ''outside chroot'' | | # ''outside chroot'' |
| DISP=:1 # adjust to suit your configuration | | DISP=:1 # adjust to suit your configuration |
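Review bot: the text introducing `Xephyr -ac :1` never says what is wrong with the "open" server, so the heading "Restricting Xephyr connections" is left unmotivated. State that `-ac` disables access control, so any client that can reach display :1 can connect. Also say which of the three listed options the alternative after "However, we might instead try:" uses, since the numbered list and the script that follows are not tied together.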
Line 10: |
Line 23: |
| | | |
| And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. | | And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. |
| + | |
| + | == as_person script, when PAM is misconfigured == |
| + | cat > as_person <<EOF |
| + | #!/usr/bin/env python |
| + | from os import environ, chdir, setgroups, setgid, setuid, execve |
| + | from sys import argv |
| + | from pwd import getpwnam |
| + | user = getpwnam(argv[1]) |
| + | environ['HOME'] = user.pw_dir |
| + | environ['USER'] = user.pw_name |
| + | chdir(user.pw_dir) |
| + | setgroups([user.pw_gid]) |
| + | setgid(user.pw_gid) |
| + | setuid(user.pw_uid) |
| + | execve(argv[2], argv[2:], environ) |
| + | EOF |
| + | chmod a+x as_person |
| + | ./as_person sugar /usr/bin/sugar |
| + | |
| + | == Using xz utils == |
| + | |
| + | this step must be reformed, |
| + | |
| + | curl http://dev.laptop.org/~mstone/releases/SOURCES/$NV.tar.xz | tar Zxf $NV.tar.xz |
| + | |
| + | because tar doesn't suggest it (for now) |
| + | |
| + | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523499 |
| + | |
| + | this is at least in debian/ubuntu |
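Review bot: in the "Using xz utils" section, `curl ... | tar Zxf $NV.tar.xz` cannot work as written: `f $NV.tar.xz` makes tar read a local file rather than the piped download, and `Z` selects compress, not xz. Suggest piping through the decompressor explicitly, for example `curl URL | xz -dc | tar xf -`, and replacing "this step must be reformed" with the actual reason. The tarball is also fetched over plain http and unpacked with no checksum or signature check. Separately, the as_person section has no explanatory sentence, and its heredoc should use a quoted delimiter (`<<'EOF'`) so the shell never expands anything in the script body.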