Re: PRoot experiments

[Alexander Smirnov <asmirnov@ilbers.de>]

Hi,

On 10/19/2017 01:07 PM, 'Ben Brenson' via isar-users wrote:
> Am Mittwoch, 18. Oktober 2017 14:29:45 UTC+2 schrieb Alexander Smirnov:
> 
>     Hi all,
> 
>     I've performed several experiments with PRoot:
> 
>     1. Generate multistrap filesystem:
> 
>     As reference I've used the following resource:
>     https://github.com/josch/polystrap/blob/master/polystrap.sh
>     <https://github.com/josch/polystrap/blob/master/polystrap.sh>
> 
>     So, I was able to run the following command without root permissions:
> 
>     $ PROOT_NO_SECCOMP=1 proot -0 /usr/sbin/multistrap -f
>     multistrap.conf -d
>     test
> 
>     After this command execution I have 'test' folder which looks quite
>     similar to one, generated with sudo (at least 'du -sm' is the same).
> 
>     2. Run commands in PRoot chroot:
> 
>     I'm successfully able to run PRoot chroot for various architectures:
> 
>     $ PROOT_NO_SECCOMP=1 proot -0 -r ./test /bin/bash
> 
>     Also I was able to run: 'dpkg --configure -a' in these chroots.
> 
>     3. Mount of various work folders:
> 
>     Mount forlder using PRoot seems also works good:
> 
>     $ PROOT_NO_SECCOMP=1 proot -0 -b /proc -b /dev -r ./test /bin/bash
> 
>     And in this chroot I have /proc and /dev mounted.
> 
> 
>     So, my brief conclusion is: PRoot could be a good option for Isar. It
>     seems that it's designed to support exact features that are required
>     for
>     Isar. :-)
> 
>     I'd like to try to implement simple PoC to test if *.deb package could
>     be generated in Isar without 'sudo'.
> 
>     BTW: PRoot is a part of standard Debian, so it could be installed via
>     'apt-get', no custom repos required.
> 
>     -- 
>     With best regards,
>     Alexander Smirnov
> 
> 
> 
> 
> Sounds nice...
> 
> What is the PROOT_NO_SECCOMP=1 for?

Don't remember exactly, I derived this as workaround from issues in 
PRoot guthub (will analyze it in details later). As I got it, there was 
some change related to ptrace systemcall in recent kernel and this 
option helps old PRoot to workaround this change. I use jessie on my 
host so my proot is quite old, probably in stretch this issue is already 
fixed.

Alex

> 
> Regards,
> Benedikt
> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "isar-users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to isar-users+unsubscribe@googlegroups.com 
> <mailto:isar-users+unsubscribe@googlegroups.com>.
> To post to this group, send email to isar-users@googlegroups.com 
> <mailto:isar-users@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/isar-users/b0082bee-94d7-48c6-8582-93efc4171b59%40googlegroups.com 
> <https://groups.google.com/d/msgid/isar-users/b0082bee-94d7-48c6-8582-93efc4171b59%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.