Changes

no edit summary
Line 46: Line 46:     
before entering the chroot. (Mock uses unshare() to enter a new mount-point namespace since this makes garbage collection of mountpoints much easier.)
 
before entering the chroot. (Mock uses unshare() to enter a new mount-point namespace since this makes garbage collection of mountpoints much easier.)
 +
 +
=== User Account ===
 +
 +
For stupid reasons, it's necessary that Sugar run under a uid inside the chroot which exists as a real account outside the chroot. (Talk to the DBus people.)
 +
 +
Consequently, run something like this both inside and outside the chroot:
 +
 +
  groupadd -g 64002 sugar
 +
  useradd -m -u 64002 -g sugar sugar
 +
 +
Then, inside the chroot, you can happily run sugar as user 'sugar' with something like
 +
 +
cat > as_person <<EOF
 +
#!/usr/bin/env python
 +
from os import environ, chdir, setgroups, setgid, setuid, execve
 +
from sys import argv
 +
from pwd import getpwnam
 +
user = getpwnam(argv[1])
 +
environ['HOME'] = user.pw_dir
 +
environ['USER'] = user.pw_name
 +
chdir(user.pw_dir)
 +
setgroups([user.pw_gid])
 +
setgid(user.pw_gid)
 +
setuid(user.pw_uid)
 +
execve(argv[2], argv[2:], environ)
 +
EOF
 +
chmod a+x as_person
 +
./as_person sugar /usr/bin/sugar
76

edits