From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6478227101770055680
X-Received: by 10.46.93.83 with SMTP id r80mr188024ljb.32.1508329785999;
        Wed, 18 Oct 2017 05:29:45 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.46.66.144 with SMTP id h16ls596521ljf.11.gmail; Wed, 18 Oct
 2017 05:29:45 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+Sqy+EX2JtSAk7mNHY6Ju3vS9chGjmAEPThJBdzZGDsagwGslei+GJnm+k/vOI7G5izpnfj
X-Received: by 10.25.170.139 with SMTP id t133mr463661lfe.7.1508329785658;
        Wed, 18 Oct 2017 05:29:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508329785; cv=none;
        d=google.com; s=arc-20160816;
        b=ijK+djqRc352tK4uTvZLYdx76zQm280DanJmOXEX5no5UI1GMKxA+6p6uuhpUKIoqi
         OHl+0r0WtgmBL4WhUUIMvI4Qwu2GJrv77uZsgykCChpdWoOTy7saiMO1G034xe0vyhNe
         I+wCQT673/saZN2v6I5GvvlJnUnaA5Qc2bLKp8eVPK2TX2mg5sW//4Yf7eRtaTBsBJBE
         Fo7hZNkwz3stj5LjZIuw5Smz4awvuvHwbWXn/UrGZRnPRnryG+gCCR27Y8ljyl7JdE7N
         5kRHA5wDEC+WmANk9DDyv71cxMbOt21FpvgeMNQhqOAlFb4ET5L3wj4lMTSed56/HuXv
         cszA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:mime-version:user-agent
         :date:message-id:subject:from:to:arc-authentication-results;
        bh=zgPt3UZu5osA4ov1nvf3xXzfgPavjQT0GJ9eghWPX3o=;
        b=kpCzdV6SZpPhUBhxNskukhFehqkgtwCmDk0+4Tn2Cdm1J4iDjF2EWDaja+AUhoqooY
         ix41VoiKwdeyFT+Uo8Jvhu9Qvehpk2MoNcibk8xg32zGQlZVtJQMeCdqM4HqVLQLykiW
         L0zwqEIMVkpU46T5TViIqeOGibew20tWZGuwZVPa3pXp6mFaSlUQNtZxs46ccMJpjWXn
         CzsLXsoPyrvJK62809LsBCgX3awDLiJt3DFemudAh2aeAZkwTzwx/rwxNnmLICDEVI3U
         nNBiwUMmMB+zO4o75L2YuzD94yTey2Wt6XnpOnxxeg5uvLud6xQ4xGt9BuAaYJeVifV0
         Ba2w==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de
Return-Path: <asmirnov@ilbers.de>
Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211])
        by gmr-mx.google.com with ESMTPS id w14si600593lfk.2.2017.10.18.05.29.45
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Oct 2017 05:29:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) client-ip=85.214.62.211;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de
Received: from [10.0.2.15] ([188.227.110.165])
	(authenticated bits=0)
	by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v9ICTgHJ027211
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
	for <isar-users@googlegroups.com>; Wed, 18 Oct 2017 14:29:44 +0200
To: isar-users@googlegroups.com
From: Alexander Smirnov <asmirnov@ilbers.de>
Subject: PRoot experiments
Message-ID: <0b129e7e-f633-70d8-34fe-07cbb34fac13@ilbers.de>
Date: Wed, 18 Oct 2017 15:29:36 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: CcjaQa2SldBn

Hi all,

I've performed several experiments with PRoot:

1. Generate multistrap filesystem:

As reference I've used the following resource:
https://github.com/josch/polystrap/blob/master/polystrap.sh

So, I was able to run the following command without root permissions:

$ PROOT_NO_SECCOMP=1 proot -0 /usr/sbin/multistrap -f multistrap.conf -d 
test

After this command execution I have 'test' folder which looks quite 
similar to one, generated with sudo (at least 'du -sm' is the same).

2. Run commands in PRoot chroot:

I'm successfully able to run PRoot chroot for various architectures:

$ PROOT_NO_SECCOMP=1 proot -0 -r ./test /bin/bash

Also I was able to run: 'dpkg --configure -a' in these chroots.

3. Mount of various work folders:

Mount forlder using PRoot seems also works good:

$ PROOT_NO_SECCOMP=1 proot -0 -b /proc -b /dev -r ./test /bin/bash

And in this chroot I have /proc and /dev mounted.


So, my brief conclusion is: PRoot could be a good option for Isar. It 
seems that it's designed to support exact features that are required for 
Isar. :-)

I'd like to try to implement simple PoC to test if *.deb package could 
be generated in Isar without 'sudo'.

BTW: PRoot is a part of standard Debian, so it could be installed via 
'apt-get', no custom repos required.

-- 
With best regards,
Alexander Smirnov