Gentoo Archives: gentoo-amd64

From: Tres Melton <tres@××××××××××.com>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] chrrot'ed environment not available to users
Date: Wed, 29 Mar 2006 23:16:01
Message-Id: 1143674069.1810.9.camel@thor.tres.org
In Reply to: [gentoo-amd64] chrrot'ed environment not available to users by Mark Knecht
On Thu, 2005-12-08 at 08:46 -0800, Mark Knecht wrote:
> Hi, > Thanks for the help yesterday. I now have a partially populated > chroot'ed environment that runs Firefox and a few other things. > Unfortunately it's not available to users: > > mark@lightning ~ $ linux32 chroot /mnt/gentoo32 /bin/bash > chroot: cannot change root directory to /mnt/gentoo32: Operation not permitted > mark@lightning ~ $ > > Anyway, thanks in advance for you help. > > cheers, > Mark >
Not to knock Billy's idea as it seems valid too but I use a script file: #!/bin/bash # # Written and Copyright by Tres Melton (2005) # # Run a 32 bit program from 64 bit space # # If parameters given then execute the command instead of /bin/bash # If no parameters then create a new 32 bit chroot jail shell # JAIL_DIR="/mnt/sdb3/Gentoo-32" if [ $# -eq 0 ] ; then echo "Starting 32 bit shell..." /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; /bin/bash )" else echo "Starting a 32 bit shell to run \"$*\"" /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; $* )" fi Now /etc/sudoers needs to allow all users to call chroot and if you don't trust everyone then you may choose to lock some of the parameters and not let them be provided on the CLI. Also each user that uses this should have an account in the 32bit chroot jail as well. Cheers, -- Tres Melton IRC & Gentoo: RiverRat

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
[gentoo-amd64] Re: chrrot'ed environment not available to users Duncan <1i5t5.duncan@×××.net>