From: Claudius Heine
To: Alexander Smirnov, Ben Brenson, isar-users
Subject: Re: PRoot experiments
Date: Thu, 19 Oct 2017 12:39:27 +0200
Message-ID: <0314d700-be53-e319-3248-b6b44f567b2a@siemens.com>

Hi

On 10/19/2017 12:14 PM, Alexander Smirnov wrote:
> Hi,
>
> On 10/19/2017 01:07 PM, 'Ben Brenson' via isar-users wrote:
>> On Wednesday, 18 October 2017 14:29:45 UTC+2, Alexander Smirnov wrote:
>>
>>     Hi all,
>>
>>     I've performed several experiments with PRoot:
>>
>>     1. Generate multistrap filesystem:
>>
>>     As reference I've used the following resource:
>>     https://github.com/josch/polystrap/blob/master/polystrap.sh
>>
>>     So, I was able to run the following command without root permissions:
>>
>>     $ PROOT_NO_SECCOMP=1 proot -0 /usr/sbin/multistrap -f multistrap.conf -d test
>>
>>     After this command execution I have a 'test' folder which looks quite
>>     similar to the one generated with sudo (at least 'du -sm' is the same).
>>
>>     2. Run commands in PRoot chroot:
>>
>>     I'm successfully able to run PRoot chroot for various architectures:
>>
>>     $ PROOT_NO_SECCOMP=1 proot -0 -r ./test /bin/bash
>>
>>     Also I was able to run: 'dpkg --configure -a' in these chroots.
>>
>>     3. Mount of various work folders:
>>
>>     Mounting a folder using PRoot also seems to work well:
>>
>>     $ PROOT_NO_SECCOMP=1 proot -0 -b /proc -b /dev -r ./test /bin/bash
>>
>>     And in this chroot I have /proc and /dev mounted.
>>
>>
>>     So, my brief conclusion is: PRoot could be a good option for Isar. It
>>     seems that it's designed to support the exact features that are
>>     required for Isar. :-)
>>
>>     I'd like to try to implement a simple PoC to test if a *.deb package
>>     could be generated in Isar without 'sudo'.
>>
>>     BTW: PRoot is a part of standard Debian, so it could be installed via
>>     'apt-get', no custom repos required.
>>
>>     --
>>     With best regards,
>>     Alexander Smirnov
>>
>>
>> Sounds nice...
>>
>> What is the PROOT_NO_SECCOMP=1 for?
>
> Don't remember exactly, I derived this as a workaround from issues in
> PRoot GitHub (will analyze it in detail later). As I got it, there was
> some change related to the ptrace system call in a recent kernel and this
> option helps old PRoot to work around this change. I use jessie on my
> host so my proot is quite old, probably in stretch this issue is already
> fixed.

PROOT_NO_SECCOMP=1 should not be necessary if you are using the kas-isar container with '--security-opt=seccomp:unconfined'. I would also advise using at least version 5.* (I use 5.1.0), because I had bad experiences with version 4.* previously.

Claudius

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de
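
An added example, not part of this message or of Isar: a shell check for the two conditions named in the reply, the seccomp mode of the calling process (the `Seccomp:` field of `/proc/<pid>/status`) and the PRoot major version. The function names are hypothetical, the version string is supplied by the caller, and the advice for an active filter simply repeats the thread's workaround.

```sh
#!/bin/sh
# Added example: function names are hypothetical, sample inputs are constructed.

# Read /proc/<pid>/status text on stdin and print the Seccomp field.
# Kernel values: 0 = disabled, 1 = strict, 2 = filter (e.g. a container profile).
seccomp_mode() {
    awk '$1 == "Seccomp:" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Print the major number of a version string such as "5.1.0" or "v4.0.3";
# prints nothing when no dotted version can be parsed.
proot_major() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\..*$/\1/p'
}

# Status text on stdin, PRoot version string in $1: print one advice line.
proot_advice() {
    mode=$(seccomp_mode)
    major=$(proot_major "$1")
    case "$mode" in
        0)   env_hint="seccomp off: PROOT_NO_SECCOMP=1 should not be needed" ;;
        1|2) env_hint="seccomp active (mode $mode): keep PROOT_NO_SECCOMP=1" ;;
        *)   env_hint="seccomp mode unknown: keep PROOT_NO_SECCOMP=1" ;;
    esac
    if [ -n "$major" ] && [ "$major" -ge 5 ]; then
        ver_hint="proot $1 ok"
    else
        ver_hint="proot ${1:-?} older than 5.* or unparsable"
    fi
    printf '%s; %s\n' "$env_hint" "$ver_hint"
}

# Constructed samples: an unconfined process and one under a seccomp filter.
printf 'Name:\tbash\nSeccomp:\t0\n' | proot_advice "5.1.0"
printf 'Name:\tbash\nSeccomp:\t2\n' | proot_advice "4.0.3"

# Live check of the current process; pass the installed version as $1.
if [ -r /proc/self/status ]; then
    proot_advice "${1:-}" < /proc/self/status
fi
```

Running the check inside the build container shows whether its seccomp profile was actually lifted; mode 0 also means the container runs without any syscall filter.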