fpoprocks | n00b | Joined: 01 Oct 2004 | Posts: 15 | Location: Worcester, MA, USA
Posted: Sun Oct 03, 2004 3:02 am | Post subject: HOWTO: better utilize your chroot

HOWTO: better utilize your chroot

Why I'm writing this

Perhaps I'm just dense, but I recently realized a much easier way of running 32-bit programs on a 64-bit system. Since I had these 'problems', I would imagine that other people might also, so here goes nothing.

What I was doing before

I used to do one of the following to install and run a 32-bit program...

- chroot to my 32-bit root
- emerge <package>
- run <package> within the chroot

... or...

- download pre-compiled binaries
- install 32-bit binaries into my 64-bit root
- run the binaries from there (probably after searching for a few libraries I didn't have)

Obviously, each method has advantages and disadvantages. The first method uses the portage system and all 32-bit binaries are separate from the 64-bit ones, which is nice. Unfortunately, it's more work to run these programs - it'd be nice if they just sat in your 64-bit root so you could access the rest of your files and whatnot. The second method works from your 64-bit root, but you lose the use of the portage system so updating software and finding dependencies becomes much more of a chore. It's also kind of 'messy'. My method has most of the advantages of both (and only a 'small' disadvantage (more on that later!))

Prerequisites

First of all, if you don't already have a 32-bit chroot set up, this would be the first step. Check the technotes for how to do that. I set up my 32-bit chroot at /linux32, so I will use that for the rest of this howto. Also, make sure you are able to run 32-bit binaries and you have the emulation libraries installed (see the technotes).

How it works

Inside the chroot, we have a fully set up system. So that means we have all the libraries we need and such. Better yet, if you emerge something new, say mplayer, all the libraries that mplayer depends on will also be set up in the chroot. Say we emerged mplayer in the chroot. mplayer is now installed to (from the 64-bit system's perspective) /linux32/usr/bin/mplayer. Unfortunately, if we try to start it, we get a bunch of link errors because the 64-bit system can't find the libraries mplayer needs. But! The libraries are there, just waiting for us to use them - we just need to tell linux where to look for them. To do this, we'll create a new file in /etc/env.d/. (I'm not sure about the naming convention in that folder, but I decided to put my file 'near' the libc emulation libraries, so I called my file '40linux32'. It seems to work fine so far.)

Code:

    # if you don't use KDE 3.3, remove the ':' and the second path
    # you may want another directory in place of the kde directory if you
    # use gnome, etc, but I'm not sure what that would be...
    echo 'LDPATH="/linux32/usr/lib:/linux32/usr/kde/3.3/lib"' > /etc/env.d/40linux32
    # regenerate the ld-cache - put our new path(s) into effect
    env-update

The first line gives some locations to look for libraries. (It is like the PATH variable, but for libraries.) You may want to add to this. So far, everything is working fine with just these two paths for me. Note that directories are separated by a colon.

The last step is to set up some symlinks to the newly emerged package's executables. In the case of mplayer, just do like so...

Code:

    cd /usr/bin
    ln -s /linux32/usr/bin/mplayer
    ln -s /linux32/usr/bin/mencoder
    ln -s /linux32/usr/bin/gmplayer

Of course setting up more packages is easier since we will usually not have to change any settings in /etc/env.d - just emerge in the chroot and set up the symlinks in the 64-bit root!

The problem

Unfortunately, this does have a disadvantage - we only take care of the binaries. Some packages install more than just binaries. Things such as configuration files and man pages. Usually this is easy enough to deal with. For our mplayer example, we're missing the mplayer configuration files and the codecs. To fix this, simply do...

Code:

    ln -s /linux32/etc/mplayer.conf /etc/mplayer.conf
    ln -s /linux32/usr/share/mplayer /usr/share/mplayer

I'm not quite sure what to do about man pages... Any suggestions?

So, good luck! Also, if anyone thinks this is a BAD IDEA, please let me know! I'm not quite an expert... yet...
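
The symlink step from the howto above, as an added example that is not part of the original post: a shell helper that checks each chroot executable really is a 32-bit ELF file and refuses to replace anything already present in the 64-bit root. The function names `elf_class` and `link32` are made up for this sketch; `/linux32` and the mplayer names come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. elf_class and link32 are
# hypothetical helper names; /linux32 is the chroot path used in the howto.

# Print 32 or 64 according to the EI_CLASS byte of the ELF header
# (fifth byte of the file); fail if the file is not ELF at all.
elf_class() {
    ec_hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$ec_hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) return 1 ;;
    esac
}

# link32 CHROOT DESTDIR NAME...
# Symlink CHROOT/usr/bin/NAME into DESTDIR. Skips anything that is not a
# 32-bit ELF executable and never replaces a file that already exists in
# DESTDIR (for example a native 64-bit build of the same program).
# Returns 1 if any name was skipped or could not be linked.
link32() {
    l_chroot=$1; l_dest=$2; shift 2
    l_rc=0
    for l_name in "$@"; do
        l_src=$l_chroot/usr/bin/$l_name
        l_dst=$l_dest/$l_name
        if [ ! -x "$l_src" ] || [ "$(elf_class "$l_src")" != 32 ]; then
            echo "skip $l_name: not a 32-bit executable in $l_chroot" >&2
            l_rc=1
        elif [ -e "$l_dst" ] || [ -L "$l_dst" ]; then
            echo "skip $l_name: $l_dst already exists" >&2
            l_rc=1
        elif ln -s "$l_src" "$l_dst"; then
            echo "linked $l_dst -> $l_src"
        else
            l_rc=1
        fi
    done
    return $l_rc
}

# Usage on the system from the howto (as root):
#   link32 /linux32 /usr/bin mplayer mencoder gmplayer
```
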

deefster | Tux's lil' helper | Joined: 19 Apr 2004 | Posts: 77
Posted: Mon Oct 04, 2004 3:45 am | Post subject:

Running programs out of the chroot does have some limitations, though I've found they are minimized with a couple simple practices:

Code:

    mount -o bind /home /linux32/home
    mount -o bind /tmp /linux32/tmp

- set XAUTHORITY to the same value outside the chroot
  in this way you won't have to mess with xhost or xserver nolisten settings at all.
- mount any other dir you want to access

Otherwise, to run programs outside the chroot, you can just work with binary packages and let portage handle all the installation details/dependencies.

will put a binary package in PKGDIR in the chroot. Check out quickpkg if you already have <package> emerged. Then

Code:

    PKGDIR=/linux32/path/used/above emerge -K mplayer

to emerge a 32-bit binary only mplayer from your chroot.

tarzan420 | Tux's lil' helper | Joined: 05 Jul 2003 | Posts: 81 | Location: Fairbanks AK
Posted: Tue Oct 12, 2004 8:02 am | Post subject:

so, umm, is there a way to set it up such that I can do chroot as my normal user, and not have to become root?
_________________
The power of Unix coupled with a pleasing interface and scores of usable desktop applications is a disgusting perversion of everything Unix stands for.

bverheg | n00b | Joined: 01 Sep 2002 | Posts: 39 | Location: Vlaanderen
Posted: Tue Oct 12, 2004 4:27 pm | Post subject:

sudo, as in

Code:

    sudo linux32 chroot /mnt/gentoo32 /bin/bash

Actually, I use a script to first mount -o bind the needed dirs in gentoo32, and then chroot. And I give the normal user account sudo access to that script.

hamaker | n00b | Joined: 09 Sep 2004 | Posts: 73 | Location: Netherlands

daemonflower | Apprentice | Joined: 17 Jul 2004 | Posts: 290
Posted: Wed Oct 13, 2004 2:20 pm | Post subject:

bverheg wrote:
> sudo, as in
> Code:
>     sudo linux32 chroot /mnt/gentoo32 /bin/bash

This is questionable from a security point of view, as the normal user has root access to the chroot then. Another questionable method, for a different reason, is to

Code:

    chmod u+s `which chroot`

The user appears as a normal user to the chroot system then, but you have one more setUID root executable on your system then. Choose your poison... I don't know a way to cleanly chroot a normal user. I'd sure be interested to hear of one.

evade | n00b | Joined: 12 Oct 2004 | Posts: 4
Posted: Wed Oct 13, 2004 8:09 pm | Post subject:

how about granting the user sudo access to a script like this:

    gnome-terminal -e 'linux32 chroot /linux32 /bin/su - dave'

bverheg | n00b | Joined: 01 Sep 2002 | Posts: 39 | Location: Vlaanderen
Posted: Thu Oct 14, 2004 5:32 pm | Post subject:

daemonflower wrote:
> bverheg wrote:
> > sudo, as in
> > Code:
> >     sudo linux32 chroot /mnt/gentoo32 /bin/bash
>
> This is questionable from a security point of view, as the normal user has root access to the chroot then.

With sudo you can pretty well configure what exactly you give each user access to. You could even restrict his access to a single command in the chroot (e.g. only let him execute a 32bit firefox-bin). Most likely you just want to drop the user in a shell under his own uid. You can do this for user joe by creating a script with the command

Code:

    linux32 chroot /mnt/gentoo32 su - joe

and giving him sudo access to it. User joe will then end up under his own account in the chroot.
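
One way to write the sudo-run script discussed above (added example, not code from any poster): it takes the account from `SUDO_USER` instead of hard-coding joe, and refuses names that are missing from, or map to uid 0 in, the chroot's own passwd file. The install path `/usr/local/sbin/enter-linux32` and the function names are assumptions; `/linux32` is the chroot path from the howto.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /usr/local/sbin/enter-linux32   (root-owned, mode 0755)
# sudoers entry (edit with visudo); the trailing "" forbids arguments:
#   joe ALL = (root) /usr/local/sbin/enter-linux32 ""

CHROOT=/linux32            # chroot path used in the howto
LC_ALL=C; export LC_ALL    # make the a-z range below mean ASCII only

# valid_user NAME [PASSWD_FILE]
# Succeeds only for a plain account name that exists in PASSWD_FILE with a
# non-zero uid. Rejects empty names, names starting with '-' (su would parse
# them as options) and anything outside [a-z0-9_-].
valid_user() {
    vu_name=$1
    vu_passwd=${2:-/etc/passwd}
    case "$vu_name" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    vu_uid=$(awk -F: -v u="$vu_name" '$1 == u { print $3; exit }' \
        "$vu_passwd" 2>/dev/null)
    case "$vu_uid" in
        ''|*[!0-9]*) return 1 ;;    # unknown user or malformed entry
    esac
    [ "$vu_uid" -ne 0 ]
}

main() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
    [ "$(id -u)" -eq 0 ] || { echo "run this through sudo" >&2; exit 1; }
    # SUDO_USER is set by sudo to the invoking account, so the caller cannot
    # name somebody else. su runs inside the chroot, so the uid it drops to
    # comes from the chroot's passwd file: check that one.
    valid_user "${SUDO_USER:-}" "$CHROOT/etc/passwd" || {
        echo "refusing to enter $CHROOT as '${SUDO_USER:-}'" >&2
        exit 1
    }
    exec linux32 chroot "$CHROOT" /bin/su - "$SUDO_USER"
}

# Run only when installed under the expected name, so the file can also be
# sourced to call valid_user directly.
if [ "${0##*/}" = enter-linux32 ]; then
    main "$@"
fi
```
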

emerose | n00b | Joined: 14 Oct 2004 | Posts: 11
Posted: Fri Oct 15, 2004 3:09 pm | Post subject: script to set up /linux32

I wrote this script to set up various things in /linux32. It's designed to be run from /etc/init.d -- copy it there and do 'rc-update add <file> default'

Code:

    #!/sbin/runscript
    # setup /linux32 to match /
    # copyright 2004 sam quigley <sq@emerose.com>
    # free distribution, modification, etc. encouraged

    depend() {
        need localmount
        need bootmisc
    }

    start() {
        # Mount /tmp
        ebegin "Mounting directories under /linux32"
        mount -o bind /boot /linux32/boot >/dev/null && \
        mount -o bind /dev /linux32/dev >/dev/null && \
        mount -o bind /mnt /linux32/mnt >/dev/null && \
        mount -o bind /root /linux32/root >/dev/null && \
        mount -o bind /tmp /linux32/tmp >/dev/null && \
        mount -o bind /home /linux32/home >/dev/null && \
        mount -o bind /usr/share /linux32/usr/share >/dev/null && \
        mount -o bind /usr/portage /linux32/usr/portage >/dev/null && \
        eend $? "Problem mounting some directories"

        # Copy files around
        ebegin "Copying files into /linux32/etc"
        cp -pf /etc/resolv.conf /linux32/etc >/dev/null && \
        cp -pf /etc/passwd /linux32/etc >/dev/null && \
        cp -pf /etc/shadow /linux32/etc >/dev/null && \
        cp -pf /etc/group /linux32/etc >/dev/null && \
        cp -pf /etc/gshadow /linux32/etc >/dev/null && \
        cp -pf /etc/hosts /linux32/etc >/dev/null && \
        cp -pf /etc/hostname /linux32/etc >/dev/null && \
        cp -pf /etc/dnsdomainname /linux32/etc >/dev/null && \
        cp -pf /etc/sudoers /linux32/etc >/dev/null && \
        cp -Ppf /etc/localtime /linux32/etc >/dev/null && \
        eend $? "Problem copying files"
    }

This is my first stab at this, so let me know if there are ways to make it better. I didn't copy things like include files and source directories, because I suspect that that stuff may vary by architecture. Also, there are presumably things I could have done under /var and maybe /usr/X11R6 -- but I'm not sure which things are arch-dependent, so I didn't touch them...

-sq

[Edit: changed the file copy code to use p (preserve owners), and to copy some more files across]

lramos85 | Tux's lil' helper | Joined: 29 Jun 2004 | Posts: 141 | Location: Riverside, Ca
Posted: Sat Oct 16, 2004 2:02 am | Post subject:

Hey neat pretty smart, I'll try it and post back. Thanks fpoprocks for your post and emerose for the file.
_________________
Registered Linux User #328996 Register Now! Adopt an unanswered post today!

fpoprocks | n00b | Joined: 01 Oct 2004 | Posts: 15 | Location: Worcester, MA, USA
Posted: Sat Oct 16, 2004 6:20 am | Post subject:

hamaker wrote:
> I'm not an expert yet either, so could you help me on this: I get an error message when I try your env.d file:
> Code:
>     !!! Invalid token (not "=") 'LDPATH="/mnt/gentoo32/usr/lib"'
> I don't know what to do about it but everything is solved by putting the extra LDPATH in the 00basic file, it seems. I can't try out if it works yet, as my computer is compiling the 32bit system this very moment, but is there anything fundamentally wrong with this (seemingly more simple) solution?

Hmm - that's strange. But AFAIK, adding an extra path to, say, 00basic won't cause anything to break. I could imagine that these files may get overwritten when updating some packages. So just watch out for it when you run etc-update.

Also, thanks to everyone for the chroot-as-a-normal-user tips!