Gentoo Forums
Access to devices in chroot
LIsLinuxIsSogood
Guru
Joined: 13 Feb 2016
Posts: 453

Posted: Mon Nov 27, 2017 10:29 pm    Post subject: Access to devices in chroot

I have gone through the guide for setting up the chroot32, and everything is working in there, except for my sound card and possibly a few other GUI related applications. Given that the chroot environment which was installed from a stage3 tarball is now a full blown environment including applications for firmware, drivers, etc.

Basically what is the impact of adding a user with the same name to both environments? Does that help me to avoid device access, or permission issues? Can I add the user in other words from the chroot to my root environment without any unforeseen consequences? Obviously the user accessing or securing the user account on each is of importance.

Would there also be a way to make sure that the user has the same uid (1002) as on the chroot32?

Thanks.
Roman_Gruber
Advocate
Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Mon Nov 27, 2017 10:35 pm    Post subject: Re: Access to devices in chroot

LIsLinuxIsSogood wrote:
Would there also be a way to make sure that the user has the same uid (1002) as on the chroot32?

Thanks.

Just a matter of how you made your user.

Quote:
except for my sound card
Are you sure it is not a kernel related issue?
szatox
Veteran
Joined: 27 Aug 2013
Posts: 1493

Posted: Tue Nov 28, 2017 9:33 pm

Quote:
Would there also be a way to make sure that the user has the same uid (1002) as on the chroot32?
Yes, you can specify UID manually when you create a user. And you can change it later if you feel like doing so (though it gets a bit more messy with all those permissions you have to fix afterwards)
It may be hard to actually switch to that user though. Perhaps you're actually looking for a container rather than chroot.

Quote:
Does that help me to avoid device access, or permission issues?
No, not really. Chroot basically remaps the paths in a branch of the filesystem, so the program you jailed is unable to name files outside of chroot. However, it retains root's permissions, so it can mount /dev somewhere inside the chroot, and then access hardware directly. Again perhaps a container would be more suitable for you. Or maybe even a full virtualization like KVM, if you want to make escaping the jail really hard. (I have seen java apps leak out of LXC, so it certainly is NOT air-tight)
LIsLinuxIsSogood
Guru
Joined: 13 Feb 2016
Posts: 453

Posted: Fri Dec 01, 2017 2:19 am

I am not sure of anything, other than that I don't really have the time to give to it to figure this out, and basically yes I understand that I am basically trying to re-write the book in a sense with making the chroot work as a stable environment of its own, but I think everything that szatox says makes it still seem very possible to do. Basically, as I see there are few important things on the root system that will have to be mounted, like /dev, but also perhaps other things too (I am using a slightly modified script that was made available in the chroot32 guide...)

In terms of what I did within the chroot so far, I created a new user, assigned it to plugdev and a few other groups (this seems tricky because depending on whether or not I actually tell the chroot to do something to update environment with env-update then I'm not sure where it looks for that information).

Then further, because the new user is only located in the chroot, when I install some 32 bit applications, like several installs of app-emulation/wine then what I end up with is a new uid on the system that has no access to the basic functioning devices. Which is how come I would like to use a sort of quick fix for this, either by adding a rule that allows connections from localhost (something like a filesystem share maybe) or to allow it some other way, or if need be go the more direct route that usually always works which is just assign the uid to the same user in both locations (jail and root), effectively breaking the jail.

If there were some access control feature that would allow devices like graphics and sound to be accessible directly to the changeroot I would be very interested in knowing about it.

Thanks
hceline
n00b
Joined: 30 Aug 2015
Posts: 26

Posted: Fri Dec 01, 2017 7:48 am

For the chroot to work as a full system you need to (bind) mount at least /dev and /proc into the chroot. I recommend the chroot instructions from the Handbook https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#Mounting_the_necessary_filesystems
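Added example, not written by any poster in this thread: setting the UID by hand and bind-mounting /dev, as suggested above, both come down to numeric IDs, because the kernel checks a device node's owner and group by number, not by name. The script below compares a user's UID, the GIDs of the device groups and the group membership between host and chroot; the user name `wineuser`, the GID values and the sample trees are constructed for illustration.

```sh
#!/bin/sh
# Added example: bind-mounted device nodes keep the host's numeric owner and
# group, so a name that maps to a different number in the chroot gets no access.

# lookup_id FILE NAME: print field 3 (UID or GID) of NAME's entry, if any.
lookup_id() {
    awk -F: -v n="$2" '$1 == n { print $3; exit }' "$1"
}

# member_of GROUPFILE GROUP USER: succeed if USER is in GROUP's member list.
# (A primary group set only in passwd field 4 is not considered here.)
member_of() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# check_ids HOSTROOT CHROOT USER GROUP...: one line per problem, none if consistent.
check_ids() {
    host=$1; jail=$2; user=$3; shift 3
    hu=$(lookup_id "$host/etc/passwd" "$user")
    ju=$(lookup_id "$jail/etc/passwd" "$user")
    [ "$hu" = "$ju" ] || echo "uid $user host=${hu:-none} chroot=${ju:-none}"
    for grp in "$@"; do
        hg=$(lookup_id "$host/etc/group" "$grp")
        jg=$(lookup_id "$jail/etc/group" "$grp")
        [ "$hg" = "$jg" ] || echo "gid $grp host=${hg:-none} chroot=${jg:-none}"
        member_of "$jail/etc/group" "$grp" "$user" ||
            echo "member $user not in chroot group $grp"
    done
}

# Constructed sample trees; only uid 1002 comes from the thread.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/host/etc" "$d/jail/etc"
    printf 'wineuser:x:1000:1000::/home/wineuser:/bin/bash\n' > "$d/host/etc/passwd"
    printf 'wineuser:x:1002:1002::/home/wineuser:/bin/bash\n' > "$d/jail/etc/passwd"
    printf 'audio:x:18:wineuser\nvideo:x:27:wineuser\nplugdev:x:272:wineuser\n' > "$d/host/etc/group"
    printf 'audio:x:18:wineuser\nvideo:x:28:\nplugdev:x:272:wineuser\n' > "$d/jail/etc/group"
    echo "$d"
}

# Demo on the sample; for a real system pass "" as HOSTROOT and the chroot path.
sample=$(make_sample)
check_ids "$sample/host" "$sample/jail" wineuser audio video plugdev
rm -rf "$sample"
```

A reported mismatch can be aligned on either side with `usermod -u` or `groupmod -g`, after which files owned by the old number have to be re-owned.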
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 39261
Location: 56N 3W

Posted: Fri Dec 01, 2017 9:34 am

LIsLinuxIsSogood,

You cannot start/stop services in the chroot. The chroot is only a part of a system.
It still depends on things outside the chroot to work.

e.g. kernel, networking, other services ...
Depending on how far you want to push the boundary of chroot capabilities, a virtual machine may be a better solution to your problem.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
All times are GMT