Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo Chroot Script
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
StevenC21
n00b
n00b


Joined: 07 Jun 2018
Posts: 63

PostPosted: Fri Jan 04, 2019 6:36 am    Post subject: Gentoo Chroot Script Reply with quote

Hey, so I wrote a small script mostly taken from the Gentoo Handbook. Its designed to chroot into a Gentoo system in such a way that you are able to begin maintenance on it. It does not handle mounting the partitions for the Gentoo system, since that can be very variable and I don't know of a reliable way to figure out what partitions mount where. That is for the user to determine. Anyways, here it is.

Code:

#!/bin/bash
FS=$1
SH=$2


if [ ! -e /tmp/*.gntmnt ]; then # If nobody is in the system then we should mount the needed filesystems
        echo "No Mount detected"
        echo "Mounting Necessary Filesystems..."
        sudo mount --types proc /proc ${FS}/proc
        sudo mount --rbind /sys ${FS}/sys
        sudo mount --make-rslave ${FS}/sys
        sudo mount --rbind /dev ${FS}/dev
        sudo mount --make-rslave ${FS}/dev
fi
echo "Chrooting into Gentoo system..."
touch /tmp/${$}.gntmnt # Create a temporary file to tell the script that we are inside the system
sudo chroot ${FS} ${SH}


# By this point the user has exitted from the Chroot, its time to unmount filesystems - assuming this is the only shell still in it...
rm /tmp/${$}.gntmnt

if [ ! -e /tmp/*.gntmnt ]; then

        echo "Unmounting Filesystems..."
        sudo umount -l ${FS}/dev{/shm,/pts,}
else
        echo "Other shells chrooted, not unmounting filesystems..."
fi


Any comments/suggestions/questions are welcome!
Back to top
View user's profile Send private message
Muso
l33t
l33t


Joined: 22 Oct 2002
Posts: 968
Location: The Holy city of Honolulu

PostPosted: Fri Jan 04, 2019 6:41 am    Post subject: Reply with quote

This should probably posted in Documentation, Tips & Tricks.
_________________
Time is a great teacher, but unfortunately it kills all its pupils.
Back to top
View user's profile Send private message
StevenC21
n00b
n00b


Joined: 07 Jun 2018
Posts: 63

PostPosted: Fri Jan 04, 2019 6:45 am    Post subject: Reply with quote

Can I move it somehow?
Back to top
View user's profile Send private message
fedeliallalinea
Bodhisattva
Bodhisattva


Joined: 08 Mar 2003
Posts: 21328
Location: here

PostPosted: Fri Jan 04, 2019 6:53 am    Post subject: Reply with quote

StevenC21 wrote:
Can I move it somehow?

No, but you can use report button (at top right) and ask to move thread
_________________
Questions are guaranteed in life; Answers aren't.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42560
Location: 56N 3W

PostPosted: Fri Jan 04, 2019 1:00 pm    Post subject: Reply with quote

Moved from Other Things Gentoo to Documentation, Tips & Tricks.

After the user has mounted root (at /mnt/gentoo) in the chroot, you can read /mnt/gentoo/etc/fstab and parse that.
You can't use it as is but you can prepend /mnt/gentoo/ to the mount points.

Extracting the filesystem location (partition) is harder. If its given as UUID or PARTUUID, you can use it as is.
If its /dev/sd*, the drive may not be correct but you can compare it to the drive that has a partition attached at /mnt/gentoo/

For multi drive installs, that use several /dev/sd*, you don't have enough information.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
StevenC21
n00b
n00b


Joined: 07 Jun 2018
Posts: 63

PostPosted: Fri Jan 04, 2019 7:08 pm    Post subject: Reply with quote

I thought about using fstab as well Neddy, but I am still concerned about those issues.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13490

PostPosted: Sat Jan 05, 2019 1:49 am    Post subject: Re: Gentoo Chroot Script Reply with quote

StevenC21 wrote:
Code:
#!/bin/bash
Missing use of set -eu.
StevenC21 wrote:
Code:
FS=$1
SH=$2
You should test if these are set to sane values. If the user runs without arguments, you may get odd results.
StevenC21 wrote:
Code:
if [ ! -e /tmp/*.gntmnt ]; then # If nobody is in the system then we should mount the needed filesystems
Since /tmp is world-writable, someone else may have created a conflicting file. On a multi-user system, you should put your lockfile somewhere that no one else can interfere.
StevenC21 wrote:
Code:
        echo "No Mount detected"
        echo "Mounting Necessary Filesystems..."
These can be combined.
StevenC21 wrote:
Code:
        sudo mount --types proc /proc ${FS}/proc
        sudo mount --rbind /sys ${FS}/sys
        sudo mount --make-rslave ${FS}/sys
        sudo mount --rbind /dev ${FS}/dev
        sudo mount --make-rslave ${FS}/dev
Why use sudo on every single command? It would be simpler to say that the script must run as root.
StevenC21 wrote:
Code:
touch /tmp/${$}.gntmnt # Create a temporary file to tell the script that we are inside the system
Brace notation is not needed here. You can use $$ (but as above, you shouldn't be putting your lockfile in /tmp).
StevenC21 wrote:
Code:
if [ ! -e /tmp/*.gntmnt ]; then
There are some Time-of-Check/Time-of-Use errors here. If another instance starts after this test and mounts its pseudo-filesystems before you reach the umount, you will take them away from it. If a stray lockfile is present when your script starts, and not present when you reach this line, then you will unmount filesystems that you never mounted. This could be particularly bad if $FS is blank, which you do not guard against. In that case, you would lazy-unmount the host pseudo-filesystems.

The simplest fix for all these problems is to use mount namespaces. Make a private mount namespace. Unconditionally bind mount the pseudo-filesystems you want. Let the kernel remove them when you exit. That removes the need for lock files and eliminates all the associated race conditions.
Back to top
View user's profile Send private message
StevenC21
n00b
n00b


Joined: 07 Jun 2018
Posts: 63

PostPosted: Sat Jan 05, 2019 8:02 pm    Post subject: Reply with quote

I am curious about your last suggestion. You mentioned that a second instance could mount the pseudo filesystems... but this would not happen, since it checks for any lockfiles denoting that someone is already in the filesystem. If you could explain in greater detail how this scenario might occur I would be grateful :).

Here is the current version of the script:

Code:

#!/bin/bash
set -eu

FS=$1
SH=$2

if [ -z $FS ]; then
        echo "Filesystem to chroot not set"
        exit 1
fi

if [ -z $SH ]; then
        echo "Shell to chroot with not set"
        exit 1
fi

mkdir -p /var/lib/gntmnt/

if [ ! -e /var/lib/gntmnt/*.gntmnt ]; then # If nobody is in the system then we should mount the needed filesystems
touch /var/lib/gntmnt/$$.gntmnt # Create a temporary file to tell the script that we are inside the system
        echo "No Mount detected, Mounting Necessary Filesystems..."
        mount --types proc /proc ${FS}/proc
        mount --rbind /sys ${FS}/sys
        mount --make-rslave ${FS}/sys
        mount --rbind /dev ${FS}/dev
        mount --make-rslave ${FS}/dev
fi
echo "Chrooting into Gentoo system..."
sudo chroot "${FS}" "${SH}"


# By this point the user has exitted from the Chroot, its time to unmount filesystems - assuming this is the only remaining shell.
rm /var/lib/gntmnt/$$.gntmnt

if [ ! -e /var/lib/gntmnt/*.gntmnt ]; then

        echo "Unmounting Filesystems..."
        umount -l ${FS}/dev{/shm,/pts,}
else
        echo "Other shells chrooted, NOT unmounting filesystems..."
fi
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13490

PostPosted: Sat Jan 05, 2019 8:40 pm    Post subject: Reply with quote

Considering the first version of the script, suppose that there are two instances of the script running.
  • Instance #1 starts, runs through to the chroot, and pauses there while the user shell runs.
  • Instance #2 starts, notices that there is a lockfile, and skips creating the bind mounts.
  • Instance #1 exits the chroot and deletes its lockfile.
  • Instance #1 is preempted after the rm runs, but before the [ test runs.
  • Instance #2 resumes, deletes its lockfile, and runs the test. It finds no lockfile (because rm deleted it, and instance #1 already removed its lockfile).
  • Instance #2 unmounts the pseudo-filesystems, then exits.
  • Instance #1 resumes, runs the test, and finds no lockfiles. It too decides to unmount the pseudo-filesystems. However, due to your locking at the start, only one of the two instances mounted the pseudo-filesystems, so only one of them should unmount.
Threaded programming is hard. Any time you introduce locks, you need to think very carefully about whether the locks actually lock out all the bad situations.

Considering the second version, you removed some uses of sudo, but not others. The mount calls need to run as root, so the second script only works as root. This is fine, but if it is already guaranteed to be root, it doesn't need to sudo the chroot call.

In both versions, you mount, but never unmount, the proc andd sys pseudo-filesystems.

Also, your lockfile test will malfunction if more than one lockfile exists. The glob expands first, then the shell complains that you cannot test for more than one file.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42560
Location: 56N 3W

PostPosted: Sat Jan 05, 2019 9:43 pm    Post subject: Reply with quote

Hu,

Its not a lock that's needed, its a counter, to determine how many instances of the script are running in the same chroot.
Eww ... recursion is hard when you have to do it all yourself.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum