From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6478227101770055680 X-Received: by 10.25.150.132 with SMTP id y126mr27175lfd.33.1508403598399; Thu, 19 Oct 2017 01:59:58 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.46.93.79 with SMTP id r76ls931934ljb.7.gmail; Thu, 19 Oct 2017 01:59:58 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Tohh7n3aEZeqOw3B+mh7BEi0zrzeMS7NmYiwPEyuCpdDehFSqZnpgp8mudNssj2I9QnlIV X-Received: by 10.25.145.71 with SMTP id y7mr25229lfj.38.1508403598161; Thu, 19 Oct 2017 01:59:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508403598; cv=none; d=google.com; s=arc-20160816; b=w47Keap4pBlvxVewLRZeE0eMVV4dilOgEg/5dduQ/Hy+zM/29YgnvDys8HN/i6/LRR M/BRpbdj2toYb5SwLepB8Pn+/GfUcbPwIIfwZCLOPMBOLusTuKBPokgGWxFoFRBZFyRI jbX9KMvha/wAvjxOeBt20CrRamaGfhS/wGm6pf79Gxp927BGXj8AzbcQYGshjRuq8Wzx talagRJaHwufkIyhgdKW8DKzUEwEwMRKoRYJ3CKc4SMIiqS+CuD+ZRqquw8Nx2SafrIl PmE/ofHNd17a/7GF+JaezVFltiQsN8+xBKZnefrdiWXS8yCIZ2nABSPN7MMQL2ZAHFxp LLLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:arc-authentication-results; bh=p+JpFlTAv14RA6it6dowS2VShxsb0fKup0t9vgq3GWk=; b=xgrLV+AdPCCTULx66Z4kZ/ihAwmU3r1rpa9gBlEeQOncNx3U7oS32qsstoPs+tqjCv 3Tll1WUOTKT5mNnEc9/wgQJXe/6x33Uexu6AAt2sAibVo6qIXUkY/rmKf15NML8oxcCY GNe0F9FbnABmzyh07QbDHVo863aZuHc7YpOg0sSf7EfaSB3or/DkXtqMk5tGsvPzH/Jt 9oyS57hwSbYcBbprn+sIhIzGoBTt+KCiR5qvjfrkaBHrL+qSN7qfzA3s4JQdZlNipviv bUpN5aUG7LsnBUvGIhRYad64P+DFg1PK0fGdnAk2OCq+phHMJT9vmGB1AFJPSlWhDMgM 1G0w== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id w14si726472lfk.2.2017.10.19.01.59.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Oct 2017 01:59:58 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id v9J8xvX0018069 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 19 Oct 2017 10:59:57 +0200 Received: from md1em3qc ([139.25.68.40]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id v9J8xvsb003213; Thu, 19 Oct 2017 10:59:57 +0200 Date: Thu, 19 Oct 2017 10:59:56 +0200 From: Henning Schild To: Alexander Smirnov Cc: Subject: Re: PRoot experiments Message-ID: <20171019105956.368e1297@md1em3qc> In-Reply-To: <0b129e7e-f633-70d8-34fe-07cbb34fac13@ilbers.de> References: <0b129e7e-f633-70d8-34fe-07cbb34fac13@ilbers.de> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.31; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: JEQZH445SuRK On Wed, 18 Oct 2017 15:29:36 +0300 Alexander Smirnov wrote: > Hi all, > > I've performed several experiments with PRoot: > > 1. Generate multistrap filesystem: > > As reference I've used the following resource: > https://github.com/josch/polystrap/blob/master/polystrap.sh > > So, I was able to run the following command without root permissions: > > $ PROOT_NO_SECCOMP=1 proot -0 /usr/sbin/multistrap -f multistrap.conf > -d test > > After this command execution I have 'test' folder which looks quite > similar to one, generated with sudo (at least 'du -sm' is the same). > > 2. Run commands in PRoot chroot: > > I'm successfully able to run PRoot chroot for various architectures: > > $ PROOT_NO_SECCOMP=1 proot -0 -r ./test /bin/bash > > Also I was able to run: 'dpkg --configure -a' in these chroots. > > 3. Mount of various work folders: > > Mount forlder using PRoot seems also works good: > > $ PROOT_NO_SECCOMP=1 proot -0 -b /proc -b /dev -r ./test /bin/bash > > And in this chroot I have /proc and /dev mounted. > > > So, my brief conclusion is: PRoot could be a good option for Isar. It > seems that it's designed to support exact features that are required > for Isar. :-) Sounds promising. The last release of proot was in 2014 but when looking at github it seems it is not dead yet. Would be nice to get a solution to the sudo issue, otherwise we can resort to VMs. But docker or "native" is more light-weight and easier to integrate into CI. Henning > I'd like to try to implement simple PoC to test if *.deb package > could be generated in Isar without 'sudo'. > > BTW: PRoot is a part of standard Debian, so it could be installed via > 'apt-get', no custom repos required. >