fpoprocks n00b


Joined: 01 Oct 2004 Posts: 15 Location: Worcester, MA, USA
|
Posted: Sun Oct 03, 2004 3:02 am Post subject: HOWTO: better use your chroot |
|
|
HOWTO: better use your chroot
Why I'm writing this
Perhaps I'm just dense, but I recently realized a much easier way of running 32-bit programs on a 64-bit system. Since I had these 'problems', I would imagine that other people might too, so here goes nothing.
What I was doing before
I used to do one of the following to install and run a 32-bit program...
- chroot to my 32-bit root
- emerge <package>
- run <package> inside the chroot
... or...
- download pre-compiled binaries
- install 32-bit binaries into my 64-bit root
- run the binaries from there (probably after searching for a few libraries I didn't have)
Obviously, each method has advantages and disadvantages. The first method uses the portage system and all 32-bit binaries are separate from the 64-bit ones, which is nice. Unfortunately, it's more work to run these programs - it'd be nice if they just sat in your 64-bit root so you could access the rest of your files and whatnot.
The second method works from your 64-bit root, but you lose the use of the portage system so updating software and finding dependencies becomes much more of a chore. It's also kind of 'messy'.
My method has most of the advantages of both (and only a 'small' disadvantage (More on that later!))
Prerequisites
First of all, if you don't already have a 32-bit chroot set up, this would be the first step. Check the technotes for how to do that.
I set up my 32-bit chroot at /linux32, so I will use that for the rest of this howto.
Also, make sure you are able to run 32-bit binaries and you have the emulation libraries installed (see the technotes).
How it works
Inside the chroot, we have a fully set up system. So that means we have all the libraries we need and such. Better yet, if you emerge something new, say mplayer, all the libraries that mplayer depends on will also be set up in the chroot.
Say we emerged mplayer in the chroot. mplayer is now installed to (from the 64-bit system's perspective) /linux32/usr/bin/mplayer. Unfortunately, if we try to start it, we get a bunch of link errors because the 64-bit system can't find the libraries mplayer needs. But! The libraries are there, just waiting for us to use them - we just need to tell linux where to look for them.
To do this, we'll create a new file in /etc/env.d/. (I'm not sure about the naming convention in that folder, but I decided to put my file 'near' the libc emulation libraries, so I called my file '40linux32'. It seems to work fine so far.)
| Code: |
# if you don't use KDE 3.3, remove the ':' and the 2nd path
# you may want another directory in place of the kde directory if you
# use gnome, etc, but I'm not sure what that would be...
echo 'LDPATH="/linux32/usr/lib:/linux32/usr/kde/3.3/lib"' > /etc/env.d/40linux32
# regenerate the ld-cache - put our new path(s) into effect
env-update
|
The first line gives some locations to look for libraries. (It is like the PATH variable, but for libraries.) You may want to add to this. So far, everything is working fine with only these two paths for me. Note that directories are separated by a colon.
The last step is to set up some symlinks to the newly emerged package's executables. In the case of mplayer, just do like so...
| Code: |
cd /usr/bin
ln -s /linux32/usr/bin/mplayer
ln -s /linux32/usr/bin/mencoder
ln -s /linux32/usr/bin/gmplayer
|
Of course, setting up more packages is easier since we will usually not have to change any settings in /etc/env.d - just emerge in the chroot and set up the symlinks in the 64-bit root!
The problem
Unfortunately, this does have a disadvantage - we only take care of the binaries. Some packages install more than just binaries: things such as configuration files and man pages. Usually this is easy enough to deal with. For our mplayer example, we're missing the mplayer configuration files and the codecs. To fix this, simply do...
| Code: |
ln -s /linux32/etc/mplayer.conf /etc/mplayer.conf
ln -s /linux32/usr/share/mplayer /usr/share/mplayer
|
I'm not quite sure what to do about man pages... Any suggestions?
So, good luck!
Also, if anyone thinks this is a BAD IDEA, please let me know! I'm not quite an expert... yet...  |
|
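An added check, not part of the original post: because the LDPATH entry makes the 64-bit system's loader search directories inside the chroot, this script verifies that each directory listed in the env.d file is owned by the expected account and is not group- or world-writable. The function names and the OWNER variable are assumptions of this example; it inspects only the listed directories themselves, not their contents.

```shell
#!/bin/sh
# Added example (not from the thread): audit the directories that an
# /etc/env.d file such as 40linux32 adds to the loader search path.
# OWNER and all function names are assumptions of this example.
OWNER="${OWNER:-root}"

# Print one directory per line from an LDPATH="a:b" line in an env.d file.
ldpath_dirs() {
    sed -n 's/^LDPATH="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | tr ':' '\n'
}

# Return 0 only if the directory exists, belongs to $OWNER and is not
# writable by group or others. -H makes find examine a symlink's target.
dir_is_safe() {
    [ -d "$1" ] || return 1
    # find prints the path only when one of the unsafe conditions holds
    bad=$(find -H "$1" -prune \( ! -user "$OWNER" -o -perm -020 -o -perm -002 \))
    [ -z "$bad" ]
}

# Print every unsafe directory named in the file; return 1 if any was found.
audit_envd() {
    report=$(ldpath_dirs "$1" | while IFS= read -r d; do
        dir_is_safe "$d" || printf 'unsafe: %s\n' "$d"
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit-ldpath.sh /etc/env.d/40linux32
[ $# -eq 0 ] || audit_envd "$1"
```

Run it again after each `env-update`, since new LDPATH entries change what the loader trusts.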
deefster n00b


Joined: 19 Apr 2004 Posts: 54
|
Posted: Mon Oct 04, 2004 3:45 am Post subject: |
|
|
Running programs out of the chroot does have some limitations, though I've found they are minimized with a couple simple practices:
| Code: |
mount -o bind /home /linux32/home
mount -o bind /tmp /linux32/tmp
|
- set XAUTHORITY to the same value outside the chroot
in this way you won't have to mess with xhost or xserver nolisten settings at all.
- mount any other dir you want to access
Otherwise, to run programs outside the chroot, you can just work with binary packages and let portage handle all the installation details/dependencies.
will put a binary package in PKGDIR in the chroot. Check out quickpkg if you already have <package> emerged.
Then
| Code: |
PKGDIR=/linux32/path/used/above emerge -K mplayer
|
to emerge a 32-bit binary only mplayer from your chroot.
|
tarzan420 Tux's lil' helper

Joined: 05 Jul 2003 Posts: 81 Location: Fairbanks AK
|
Posted: Tue Oct 12, 2004 8:02 am Post subject: |
|
|
so, umm, is there a way to set it up such that I can do chroot as my normal user, and not have to become root?
_________________
The power of Unix coupled with a pleasing interface and scores of usable desktop applications is a disgusting perversion of everything Unix stands for.
|
bverheg n00b


Joined: 01 Sep 2002 Posts: 39 Location: Vlaanderen
|
Posted: Tue Oct 12, 2004 4:27 pm Post subject: |
|
|
sudo, as in
| Code: |
sudo linux32 chroot /mnt/gentoo32 /bin/bash
|
Actually, I use a script to first mount -o bind the needed dirs in gentoo32, and then chroot. And I give the normal user account sudo access to that script.
|
hamaker n00b

Joined: 09 Sep 2004 Posts: 73 Location: Netherlands
|
Posted: Wed Oct 13, 2004 11:56 am Post subject: |
|
|
I'm not an expert yet either, so could you help me on this:
I get an error message when I try your env.d file:
| Code: |
!!! Invalid token (not "=") 'LDPATH="/mnt/gentoo32/usr/lib"'
|
I don't know what to do about it but everything is solved by putting the extra LDPATH in the 00basic file, it seems. I can't try out if it works yet, as my computer is compiling the 32bit system this very moment, but is there anything fundamentally wrong with this (seemingly more simple) solution?
|
daemonflower Apprentice


Joined: 17 Jul 2004 Posts: 290
|
Posted: Wed Oct 13, 2004 2:20 pm Post subject: |
|
|
| bverheg wrote: |
sudo, as in
| Code: |
sudo linux32 chroot /mnt/gentoo32 /bin/bash
|
|
This is questionable from a security point of view, as the normal user has root access to the chroot then. Another questionable method, for a different reason, is to
| Code: |
chmod u+s `which chroot`
|
The user appears as a normal user to the chroot system then, but you have one more setUID root executable on your system then. Choose your poison...
I don't know a way to cleanly chroot a normal user. I'd sure be interested to hear of one.
|
evade n00b

Joined: 12 Oct 2004 Posts: 4
|
Posted: Wed Oct 13, 2004 8:09 pm Post subject: |
|
|
how about granting the user sudo access to a script like this:
gnome-terminal -e 'linux32 chroot /linux32 /bin/su - dave' |
|
bverheg n00b


Joined: 01 Sep 2002 Posts: 39 Location: Vlaanderen
|
Posted: Thu Oct 14, 2004 5:32 pm Post subject: |
|
|
| daemonflower wrote: |
| bverheg wrote: |
sudo, as in
| Code: |
sudo linux32 chroot /mnt/gentoo32 /bin/bash
|
|
This is questionable from a security point of view, as the normal user has root access to the chroot then.
|
With sudo you can pretty well configure what exactly you give each user access to. You could even restrict his access to a single command in the chroot (e.g. just let him execute a 32bit firefox-bin).
Most likely you just want to drop the user in a shell under his own uid. You can do this for user joe by creating a script with the command
| Code: |
linux32 chroot /mnt/gentoo32 su - joe
|
and giving him sudo access to it. User joe will then end up under his own account in the chroot.
|
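The sudo-script approach from the posts above, written out as an added example that is not any poster's own script: it takes the account from SUDO_USER instead of a command-line argument, refuses root and malformed names, and only then runs the `linux32 chroot ... su - user` command from the thread. The script path in the comment, CHROOT_DIR and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): wrapper to be granted through sudo,
# e.g. with a sudoers line such as (path is an assumption):
#   joe ALL=(root) /usr/local/sbin/enter32 --enter
LC_ALL=C; export LC_ALL
CHROOT_DIR="${CHROOT_DIR:-/linux32}"

# Accept only a conservative account-name pattern, and never root.
valid_user() {
    case "$1" in
        ''|root|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Take the account from SUDO_USER (set by sudo), never from the command
# line, so the sudoers rule cannot be used to enter as someone else.
target_user() {
    valid_user "${SUDO_USER:-}" || return 1
    printf '%s\n' "$SUDO_USER"
}

# Bind-mount a host directory into the chroot unless it is already there.
bind_once() {
    mountpoint -q "$CHROOT_DIR$1" || mount -o bind "$1" "$CHROOT_DIR$1"
}

enter_chroot() {
    [ "$(id -u)" -eq 0 ] || { echo "must be run through sudo" >&2; return 1; }
    user=$(target_user) || { echo "refusing: no usable SUDO_USER" >&2; return 1; }
    bind_once /home && bind_once /tmp || return 1
    # Same command as in the thread; su drops to the user's own uid, so
    # the caller never holds a root shell inside the chroot.
    exec linux32 chroot "$CHROOT_DIR" su - "$user"
}

# Act only when called with --enter, so the file can also be sourced.
if [ "${1:-}" = "--enter" ]; then
    enter_chroot
fi
```

The account must also exist in the chroot's own /etc/passwd for `su - user` to succeed there.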
emerose n00b

Joined: 14 Oct 2004 Posts: 11
|
Posted: Fri Oct 15, 2004 3:09 pm Post subject: script to set up /linux32 |
|
|
I wrote this script to set up various things in /linux32. It's designed to be run from /etc/init.d -- copy it there and do 'rc-update add <file> default'
| Code: |
#!/sbin/runscript
# setup /linux32 to match /
# copyright 2004 sam quigley <sq@emerose.com>
# free distribution, modification, etc. encouraged
depend() {
    need localmount
    need bootmisc
}
start() {
    # Bind-mount host directories into the chroot
    ebegin "Mounting directories under /linux32"
    mount -o bind /boot /linux32/boot >/dev/null && \
    mount -o bind /dev /linux32/dev >/dev/null && \
    mount -o bind /mnt /linux32/mnt >/dev/null && \
    mount -o bind /root /linux32/root >/dev/null && \
    mount -o bind /tmp /linux32/tmp >/dev/null && \
    mount -o bind /home /linux32/home >/dev/null && \
    mount -o bind /usr/share /linux32/usr/share >/dev/null && \
    mount -o bind /usr/portage /linux32/usr/portage >/dev/null
    # eend sits outside the && chain so a failed mount is reported too
    eend $? "Problem mounting some directories"
    # Copy files around (this includes the host's shadow, gshadow and sudoers)
    ebegin "Copying files into /linux32/etc"
    cp -pf /etc/resolv.conf /linux32/etc >/dev/null && \
    cp -pf /etc/passwd /linux32/etc >/dev/null && \
    cp -pf /etc/shadow /linux32/etc >/dev/null && \
    cp -pf /etc/group /linux32/etc >/dev/null && \
    cp -pf /etc/gshadow /linux32/etc >/dev/null && \
    cp -pf /etc/hosts /linux32/etc >/dev/null && \
    cp -pf /etc/hostname /linux32/etc >/dev/null && \
    cp -pf /etc/dnsdomainname /linux32/etc >/dev/null && \
    cp -pf /etc/sudoers /linux32/etc >/dev/null && \
    cp -Ppf /etc/localtime /linux32/etc >/dev/null
    # same here: report the copy result whether it succeeded or failed
    eend $? "Problem copying files"
}
|
This is my first stab at this, so let me know if there are ways to make it better. I didn't copy things like include files and source directories, because I suspect that that stuff may vary by architecture. Also, there are presumably things I could have done under /var and maybe /usr/X11R6 -- but I'm not certain which things are arch-dependent, so I didn't touch them...
-sq
[Edit: changed the file copy code to use p (preserve owners), and to copy some more files across] |
|
lramos85 Tux's lil' helper


Joined: 29 Jun 2004 Posts: 141 Location: Riverside, Ca
|
Posted: Sat Oct 16, 2004 2:02 am Post subject: |
|
|
Hey great pretty smart, I'll try it and post back. Thanks fpoprocks for your post and emerose for the file.
_________________
Registered Linux User #328996
Register Now!
Adopt an unanswered post today!
|
fpoprocks n00b


Joined: 01 Oct 2004 Posts: 15 Location: Worcester, MA, USA
|
Posted: Sat Oct 16, 2004 6:20 am Post subject: |
|
|
| hamaker wrote: |
I'm not an expert yet either, so could you help me on this:
I get an error message when I try your env.d file:
| Code: |
!!! Invalid token (not "=") 'LDPATH="/mnt/gentoo32/usr/lib"'
|
I don't know what to do about it but everything is solved by putting the extra LDPATH in the 00basic file, it seems. I can't try out if it works yet, as my computer is compiling the 32bit system this very moment, but is there anything fundamentally wrong with this (seemingly more simple) solution?
|
Hmm - that's strange. But AFAIK, adding an extra path to, say, 00basic won't cause anything to break. I could imagine that these files may get overwritten when updating some packages. So just watch out for it when you run etc-update.
Also, thanks to everyone for the chroot-as-a-normal-user tips! |
|