hex45 n00b
Joined: 29 Jan 2018 Posts: 3
|
Posted: Mon Jan 29, 2018 5:54 am Post subject: genkernel mknod issues |
|
|
I am attempting to install Gentoo base, booting from the Pentoo live USB. I mount things for chroot and everything goes well until I try to use genkernel-next to create initramfs. Looking at the source I have determined that the "mknod -m etc" commands are not allowed to run.
I went back to the live environment and did a "mknod -m 660 console c 5 1" in /home/pentoo directory and it worked. Why is the mknod being denied when I chroot?
Thanks |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21619
|
Posted: Tue Jan 30, 2018 4:27 am Post subject: |
|
|
According to Wikipedia, Pentoo uses a grsecurity-patched kernel. Grsecurity-patched kernels are known to restrict mknod in chroot, in the name of "security." I believe there is a sysctl you can change to permit this. However, you should not need to make your own device nodes at all. What exactly failed, and why were you trying to do it? |
|
|
hex45 n00b
Joined: 29 Jan 2018 Posts: 3
|
Posted: Wed Jan 31, 2018 1:26 am Post subject: |
|
|
Just trying to follow the steps for an install. When I run "genkernel all --menuconfig" it does fine until it gets to the initramfs script. Looking at the script source, I see that it creates a temporary directory and a bunch of /dev nodes as it generates the initramfs archive.
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21619
|
Posted: Wed Jan 31, 2018 3:37 am Post subject: |
|
|
That is not a good way to generate the initramfs, since, as you discovered, it is needlessly fragile. It should have been done using an initramfs manifest.
Since the failure is in a script you cannot readily modify, the simplest course of action would be to permit creating device nodes. You could change the grsecurity-specific sysctl that controls this or you could use a kernel without the grsecurity patches. I do not know the name of the sysctl that controls this in grsecurity. You could also choose to create the initramfs outside of genkernel, but if you are new to this, that's considerably more work for very little real gain. |
|
|
hex45 n00b
Joined: 29 Jan 2018 Posts: 3
|
Posted: Sun Feb 04, 2018 10:40 pm Post subject: |
|
|
Is it the kernel provided by the pentoo live disc that is limiting my ability to mknod? If that is the case then why does it allow me to mknod when I am not in the chroot environment?
I am considering an alternate method of installation now by the way.
Thanks for the help. |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21619
|
Posted: Mon Feb 05, 2018 1:12 am Post subject: |
|
|
Yes, it is the grsecurity-patched kernel provided by Pentoo that limits you. The relevant code only limits processes that are in a chroot, on the theory that processes in a chroot are less trusted and therefore cannot be permitted to use mknod, which can be a very powerful system call. |
|
|
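A diagnostic for the restriction discussed in this thread, added here as an example and not code from any poster, Pentoo or genkernel: it reports whether the running kernel denies mknod inside a chroot and whether that setting can still be changed. It assumes grsecurity was built with sysctl support, which exposes `chroot_deny_mknod` and `grsec_lock` under `/proc/sys/kernel/grsecurity`; the function names and the `GRSEC_DIR` variable are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Reports whether a grsecurity-patched
# kernel will refuse mknod(2) for processes inside a chroot.
# Assumption: grsecurity was built with sysctl support, which exposes its
# toggles under /proc/sys/kernel/grsecurity (chroot_deny_mknod, grsec_lock).

GRSEC_DIR="${GRSEC_DIR:-/proc/sys/kernel/grsecurity}"

# read_flag FILE -> prints the first line of FILE, or "absent" if unreadable
read_flag() {
    if [ -r "$1" ]; then
        head -n 1 "$1" | tr -d '[:space:]'
    else
        printf 'absent'
    fi
}

# chroot_mknod_status [DIR] -> prints one of:
#   no-grsec-sysctl  directory missing: not grsecurity, or sysctl support off
#   not-tunable      grsecurity present but chroot_deny_mknod not exposed
#   allowed          chroot_deny_mknod=0
#   denied-tunable   chroot_deny_mknod=1, grsec_lock not set (root may change it)
#   denied-locked    chroot_deny_mknod=1, grsec_lock=1 (fixed until reboot)
chroot_mknod_status() {
    dir="${1:-$GRSEC_DIR}"
    [ -d "$dir" ] || { printf 'no-grsec-sysctl\n'; return 0; }
    deny=$(read_flag "$dir/chroot_deny_mknod")
    lock=$(read_flag "$dir/grsec_lock")
    case "$deny" in
        absent) printf 'not-tunable\n' ;;
        0)      printf 'allowed\n' ;;
        *)      if [ "$lock" = "1" ]; then
                    printf 'denied-locked\n'
                else
                    printf 'denied-tunable\n'
                fi ;;
    esac
}

# Query the live kernel only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    chroot_mknod_status
fi
```

Run it from the live environment, outside the chroot. A result of `no-grsec-sysctl` or `not-tunable` means the behaviour, if present, was fixed at kernel build time and cannot be inspected or changed this way.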