From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6478227101770055680 X-Received: by 10.223.171.237 with SMTP id s100mr124841wrc.31.1508408072171; Thu, 19 Oct 2017 03:14:32 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.28.45.68 with SMTP id t65ls1257521wmt.8.gmail; Thu, 19 Oct 2017 03:14:31 -0700 (PDT) X-Google-Smtp-Source: ABhQp+TrytB85RSCHJn9nDRZAhFfgB9/9tTrol1Bc2pD64jn2mFkS7cSeQ8vh/GML8HhdyBkKw8R X-Received: by 10.223.186.140 with SMTP id p12mr121686wrg.16.1508408071872; Thu, 19 Oct 2017 03:14:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508408071; cv=none; d=google.com; s=arc-20160816; b=hhA/2RuxC8HB2+XlBkT8tLApXlu1dh7oID6grrrdNPLfOjo3HRAP4M72lFewkcZobW N+yFtUgF43iRSbtamZzKocqAfnwlGCM0YQlJXIv//nTKyVA66nuVNSybueV9Rt9mQwXE DTXnX2glKD2wwfykr+cb0L3zM24XitQQT+FGoWYcLAc0NBDRo5kQIsiWaxgxiNbR21rH Pt+2YV7zVRidgu+9kG3rTbiNFwVG33FI9Rpb65+RCHUA49m3SebXtQ7+8bQjTw1FhRu9 s3sjO7ghhfmwPj/R19ttTc/xaeWbnIb9urivycLsw2ASTbg90LETAaOcb/28cVpm1ksu 8YhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject :arc-authentication-results; bh=Rz6UInknxsnkTJVI+EL7n+GsxaLfXaFAFF829GuS27E=; b=Fs7BM+ErnrKnd9zd1NLl6QQi13FNX+KYbINXoeAQq8obERAIYDUU6vjhNmUiIVbAjm o5P/va3rglUSzA9ENXDNNihef3bntGZ17aGrPxo4u9E9HRjSF+yr4SGGJBSSwtX7tjyB gI7VETux4WrzPls6TXpUv4bnNLfev6UkNo+RFe8U1rb0WPTkvWg86w78P8Nku1rVhlI3 ewlOj6GwRnkzAbWU59P/7OhI6rptDm7n7KTbSGJipkDVpT+yUMJWSfNYXsWWJeERi3tp a00m9AIlGrNEt7Uv7yhHngNp1kBYNL5JOyYNCUmXEiA/ojD1O6dZoXcCrQ8EOFyb9P1C 88Sg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de Return-Path: Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211]) by gmr-mx.google.com with ESMTPS id f8si162319wrf.0.2017.10.19.03.14.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Oct 2017 03:14:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) client-ip=85.214.62.211; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de Received: from [10.0.2.15] ([188.227.110.165]) (authenticated bits=0) by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v9JAEScS023049 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 19 Oct 2017 12:14:30 +0200 Subject: Re: PRoot experiments To: Ben Brenson , isar-users References: <0b129e7e-f633-70d8-34fe-07cbb34fac13@ilbers.de> From: Alexander Smirnov Message-ID: <99059b0d-4a58-eda2-65d3-91dc96ba2bd0@ilbers.de> Date: Thu, 19 Oct 2017 13:14:22 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: +X5Mu1dlDXML Hi, On 10/19/2017 01:07 PM, 'Ben Brenson' via isar-users wrote: > Am Mittwoch, 18. Oktober 2017 14:29:45 UTC+2 schrieb Alexander Smirnov: > > Hi all, > > I've performed several experiments with PRoot: > > 1. Generate multistrap filesystem: > > As reference I've used the following resource: > https://github.com/josch/polystrap/blob/master/polystrap.sh > > > So, I was able to run the following command without root permissions: > > $ PROOT_NO_SECCOMP=1 proot -0 /usr/sbin/multistrap -f > multistrap.conf -d > test > > After this command execution I have 'test' folder which looks quite > similar to one, generated with sudo (at least 'du -sm' is the same). > > 2. Run commands in PRoot chroot: > > I'm successfully able to run PRoot chroot for various architectures: > > $ PROOT_NO_SECCOMP=1 proot -0 -r ./test /bin/bash > > Also I was able to run: 'dpkg --configure -a' in these chroots. > > 3. Mount of various work folders: > > Mount forlder using PRoot seems also works good: > > $ PROOT_NO_SECCOMP=1 proot -0 -b /proc -b /dev -r ./test /bin/bash > > And in this chroot I have /proc and /dev mounted. > > > So, my brief conclusion is: PRoot could be a good option for Isar. It > seems that it's designed to support exact features that are required > for > Isar. :-) > > I'd like to try to implement simple PoC to test if *.deb package could > be generated in Isar without 'sudo'. > > BTW: PRoot is a part of standard Debian, so it could be installed via > 'apt-get', no custom repos required. > > -- > With best regards, > Alexander Smirnov > > > > > Sounds nice... > > What is the PROOT_NO_SECCOMP=1 for? Don't remember exactly, I derived this as workaround from issues in PRoot guthub (will analyze it in details later). As I got it, there was some change related to ptrace systemcall in recent kernel and this option helps old PRoot to workaround this change. I use jessie on my host so my proot is quite old, probably in stretch this issue is already fixed. Alex > > Regards, > Benedikt > > -- > You received this message because you are subscribed to the Google > Groups "isar-users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to isar-users+unsubscribe@googlegroups.com > . > To post to this group, send email to isar-users@googlegroups.com > . > To view this discussion on the web visit > https://groups.google.com/d/msgid/isar-users/b0082bee-94d7-48c6-8582-93efc4171b59%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout.