From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: Integration of Pseudo into Isar
To: "[ext] Andreas Reichel", isar-users@googlegroups.com
References: <20170802132413.GA25215@iiotirae>
From: Claudius Heine
Message-ID: <83051e96-88d5-bb3f-e23d-a20d8d8681d2@siemens.com>
Date: Wed, 2 Aug 2017 16:55:15 +0200
In-Reply-To: <20170802132413.GA25215@iiotirae>

On 08/02/2017 03:24 PM, [ext] Andreas Reichel wrote:
> # Integrating pseudo into isar
>
> Idea was to exchange `sudo` by `pseudo`. The function of `pseudo` is to
> intercept system calls and file accesses by preloading a library. All
> such operations are recorded in a database. For this to work, a
> `PSEUDO_PREFIX` variable must be set, which is `/` if `pseudo` is
> installed to the default location.
>
> # Given test configuration #
>
> - Docker container based on debian 9
> - `multistrap` from Siemens Debian repository
> - `pseudo` from Siemens Debian repository
>
> Using the following multistrap configuration named `simple-config`:
>
> ```
> [General]
> unpack=true
> bootstrap=Debian
> aptsources=Debian
> noauth=true
>
> [Debian]
> packages=
> source=http://ftp.de.debian.org/debian
> suite=stretch
> ```
>
> Inside chroot (which is inside pseudo):
>
> ```
> # mkdir rootfs
> # multistrap -f simple-config -d rootfs
> ```
>
> # Results #
>
> * Error during package configuration. (Cannot write to `/etc/ld.so.cache~`)
>
> This error can be tracked down to `ldconfig`.
> It turned out that `ldconfig` is linked *statically*. Which means, its
> file accesses cannot be intercepted by LDPRELOAD, which is only for
> dynamically linked binaries. Thus, whether being in a pseudo chroot or
> not, `ldconfig` will always access `/etc/ld.so.cache~` on the host,
> which fails.
> This is *NOT* a question of the Debian version and not a bug in
> `dpkg --configure -a`, which calls `ldconfig` internally.
>
> * Extremely odd behaviour within `chroot` within `pseudo`:
>
> ```
> $ pseudo
> # chroot rootfs
> # export PATH=/sbin:/bin
> # ldconfig
> Can't create temporary cache file /etc/ld.so.cache~
> ```
>
> Idea was then to rename `ldconfig` to `ldconfig_` and create a symbolic
> link to `/bin/true` to mimic successful execution of `ldconfig`.
>
> ```
> $ sudo mv rootfs/sbin/ldconfig rootfs/sbin/ldconfig_
> $ sudo ln -s /bin/true rootfs/sbin/ldconfig
> ```
>
> Here, behavior becomes very odd:
>
> ```
> $ pseudo
> # chroot rootfs
> # export PATH=/sbin:/bin
> # ldconfig
> /bin/sh: 16: ldconfig: not found
> ```
> Although it is in path...
> ```
> # /sbin/ldconfig
> /sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
> ```

I also tried using pseudo (from debian sid), with the same success:

```
$ pseudo -V
pseudo version 1.8.1
$ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/pseudo/ PSEUDO_LOCALSTATEDIR=/tmp/pseudo pseudo -P / -d
$ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/pseudo/ PSEUDO_LOCALSTATEDIR=/tmp/pseudo pseudo -P / -R /mnt/ssd/nfs/rootfs/1 -v /bin/bash
# rm /sbin/ldconfig
# ls /sbin/ldconfig
ls: cannot access '/sbin/ldconfig': No such file or directory
# /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
```

Also other commands don't really know if they are running in a chroot or outside of it:

```
# apt update
Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:2 http://cdn-fastly.deb.debian.org/debian stretch Release [118 kB]
Get:3 http://cdn-fastly.deb.debian.org/debian stretch Release.gpg [2,373 B]
Get:4 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 Packages [7,095 kB]
Get:5 http://cdn-fastly.deb.debian.org/debian stretch/main Translation-en [5,393 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian stretch/contrib amd64 Packages [50.9 kB]
Get:7 http://cdn-fastly.deb.debian.org/debian stretch/contrib Translation-en [45.9 kB]
Get:8 http://cdn-fastly.deb.debian.org/debian stretch/non-free amd64 Packages [77.9 kB]
Get:9 http://cdn-fastly.deb.debian.org/debian stretch/non-free Translation-en [79.2 kB]
Fetched 12.9 MB in 3s (3,524 kB/s)
Reading package lists... Error!
E: Could not open file /mnt/ssd/nfs/rootfs/1/var/lib/dpkg/status - open (2: No such file or directory)
E: Problem opening /mnt/ssd/nfs/rootfs/1/var/lib/dpkg/status
E: The package lists or status file could not be parsed or opened.
```

So with this fail, what other options have we?

- Fixing pseudo and/or reporting all bugs?
- Using something else?
  - Fakeroot
    Only exists within the debian project anymore.
    Not sure which is the most current one:
    https://anonscm.debian.org/cgit/fakeroot/fakeroot.git
    http://packages.debian.org/fakeroot
  - Fakeroot-ng
    dead?
    http://fakeroot-ng.lingnu.com/
  - proot
    Last commit over a year ago, but ?they? are writing currently a
    proot-rs port in rust.
    https://proot-me.github.io

Something else?

Cheers,
Claudius
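
The quoted report traces the failure to a statically linked `ldconfig`, whose file accesses a preloaded library cannot intercept. As an added example (not part of the thread and not code from pseudo or Isar), this Python script lists the executables in a rootfs that carry no `PT_INTERP` program header and so never load a preload library; the function names, the directory list and the `make_elf64` sample builder are assumptions made here.

```python
import os
import struct

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)

def program_header_types(data):
    """Return the p_type of every program header in an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    try:
        end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian
        if data[4] == 2:                         # EI_CLASS: 2 = ELF64
            (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:                                    # ELF32
            (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        return [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                for i in range(phnum)]
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ELF image") from exc

def escapes_preload(data):
    """True if running this ELF never starts ld.so, so LD_PRELOAD is ignored."""
    return PT_INTERP not in program_header_types(data)

def scan_rootfs(root, dirs=("sbin", "bin", "usr/sbin", "usr/bin")):
    """List executables under root that a preload wrapper cannot intercept."""
    hits = []
    for d in dirs:
        base = os.path.join(root, d)
        if not os.path.isdir(base):
            continue
        for name in sorted(os.listdir(base)):
            path = os.path.join(base, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                if escapes_preload(data):
                    hits.append(os.path.join(d, name))
            except ValueError:
                pass                             # scripts and other non-ELF files
    return hits

def make_elf64(p_types):
    """Constructed sample: minimal little-endian ELF64 with the given p_types."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
```

Running `scan_rootfs("rootfs")` on a freshly unpacked tree shows which maintainer-script helpers will act on the real host paths with the caller's real privileges when the build relies on a preload-based wrapper instead of `sudo`.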