Re: Idea: about package installation under chroot.

G'day, just saw the discussion about chroot stuff and avoiding starting daemons/ mounting proc etc. The lessdisks package has a "lessdisks-chroot" command that does all this for you. I believe it diverts start-stop-daemon so that it fakes starting/stopping the daemons. -- Donovan Baarda <[EMAI

Re: Idea: about package installation under chroot.

Hello On Thu, Mar 24, 2005 at 02:54:40PM -0300, Jorge L. deLyra wrote: > Dear Debian developers, > > I would like to consult the developer community on the following issue. > > Here is the story: Debian packages including daemons may be a problem for > people installing them via chroot, due to t

Re: Idea: about package installation under chroot.

Adeodato Simà wrote: > # test -r /proc/1/root || echo "Inside a chroot" What if an postinst script at some point drops privs to a non-root user and grsec is preventing it from reading any process' info other than its own user's? Also, as pointed out earlier this wouldn't work on HURD. signatu

Re: Idea: about package installation under chroot.

Wouter Verhelst <[EMAIL PROTECTED]> writes: > Additionally, other kernels (such as the FreeBSD kernel) that do have > a /proc do not have it functionally overloaded like the Linux one. That's an excellent point. While it's likely that a /proc filesystem will be written for the Hurd, it's very un

Re: Idea: about package installation under chroot.

Well, just reporting that this whole instructive interchange resulted in my using in the remote-boot nodes of our clusters the policy-rc.d script #!/bin/bash test -x /sbin/runlevel || exit 101 if [ "`/sbin/runlevel`" == "unknown" ] ; then exit 101 fi exit 0 It solved the problem with rwhod in

Re: Idea: about package installation under chroot.

Op do, 24-03-2005 te 20:01 +0100, schreef Daniel Baumann: > Josselin Mouette wrote: > > I don't know whether we have ports without /proc, > > the Hurd has no /proc. Additionally, other kernels (such as the FreeBSD kernel) that do have a /proc do not have it functionally overloaded like the Linux

Re: Idea: about package installation under chroot.

> "Jorge" == Jorge L deLyra <[EMAIL PROTECTED]> writes: Jorge> /etc/init.d/ start Jorge> in its postinstall script to start that daemon. I was not Jorge> talking about booting a system, but about using a chroot Jorge> shell to install packages in the filesystem structure of a

Re: Idea: about package installation under chroot.

Florian Ernst wrote: > echo -e '#!/bin/sh\n\nexit 101' > /chroot/usr/sbin/policy-rc.d \ > && chmod a+x /chroot/usr/sbin/policy-rc.d > > as mentioned by Steve Langasek in > . Would someone like to package this? (No, I'm not really kiddin

Re: Idea: about package installation under chroot.

* Jorge L. deLyra [Thu, 24 Mar 2005 14:54:40 -0300]: > test -e /proc/mounts || exit 0 Others have already pointed out that a policy-rc.d script is the way to do what you want. Still, I thought I'd share a way of testing if you're inside a chroot even if /proc is mounted. IIRC, it was LaM

Re: Idea: about package installation under chroot.

"Jorge L. deLyra" <[EMAIL PROTECTED]> writes: > OK, I read you. Your message gave me the impression that something like it > was already in place. That meaning doesn't have to be "this is a chroot", > but just "don't start daemons", for whatever reasons there may be for that > in any particular c

Re: Idea: about package installation under chroot.

Scripsit "Jorge L. deLyra" <[EMAIL PROTECTED]> >> zless /usr/share/doc/sysv-rc/README.policy-rc.d.gz > I was not aware of this structure, but it seems to relate to controlling > the start of damons during boot or changes in runlevel. I do not see how > this will prevent a package that has a > /e

Re: Idea: about package installation under chroot.

> I think you miss my point. > > Rather than keying "restart daemons" to /proc (who would ever guess > that?!), I'm saying create something *new*, that means "this is a > chroot, don't restart demons". OK, I read you. Your message gave me the impression that something like it was already in place.

Re: Idea: about package installation under chroot.

> At least some of these packages call /etc/init.d/ start *only* if > invoke-rc.d cannot be found. Ah! This is another way how I miscounted them, since I just seached for instances of /etc/init.d/ being executed... Cheers, --

Re: Idea: about package installation under chroot.

> Pray tell, how was this list generated? The three examples that I picked > at random all use invoke-rc.d. [Two of which because they use debhelper > to do the invoking.] Oh, I see. Looks like I did a poor job here. I just searched for instances of /etc/init.d/something being executed. So, I take

Re: Idea: about package installation under chroot.

"Jorge L. deLyra" <[EMAIL PROTECTED]> writes: > > But you might need /proc. > > Well, I am starting to see that this might not be a good way to solve the > problem but, still, if you need it, just mount it, and be aware that some > daemons may come up and down on the server if you install or upgr

Re: Idea: about package installation under chroot.

> But you might need /proc. Well, I am starting to see that this might not be a good way to solve the problem but, still, if you need it, just mount it, and be aware that some daemons may come up and down on the server if you install or upgrade some package in these circumstances. If you do not ne

Re: Idea: about package installation under chroot.

On Thu, Mar 24, 2005 at 08:58:22PM -0300, Jorge L. deLyra wrote: > > > I was not aware of this structure, but it seems to relate to controlling > > > the start of damons during boot or changes in runlevel. I do not see how > > > this will prevent a package that has a > > > > > > /etc/init.d/ start

Re: Idea: about package installation under chroot.

On Thu, 24 Mar 2005, Jorge L. deLyra wrote: > nfs-kernel-server This uses invoke-rc.d: invoke-rc.d nfs-kernel-server $act > ntp-server invoke-rc.d ntp-server start || exit 0 > ntpdate as does this: invoke-rc.d ntpdate start || exit 0 Pray tell, how was this list generated? The three examp

Re: Idea: about package installation under chroot.

> > Is there some other, better solution to this problem? > > echo -e '#!/bin/sh\n\nexit 101' > /chroot/usr/sbin/policy-rc.d \ > && chmod a+x /chroot/usr/sbin/policy-rc.d > > as mentioned by Steve Langasek in > . OK, I got to this point:

Re: Idea: about package installation under chroot.

> > I was not aware of this structure, but it seems to relate to controlling > > the start of damons during boot or changes in runlevel. I do not see how > > this will prevent a package that has a > > > > /etc/init.d/ start > Well if they do they won't work on file-rc system , so are already broken

Re: Idea: about package installation under chroot.

"Jorge L. deLyra" <[EMAIL PROTECTED]> writes: > > There is nothing wrong with mounting /proc in a chroot; you should not > > assume that chroots all lack /proc. > > Yes, I know, and I'm not. But it would be nice if one could prevent the > packages from starting the daemons by simply choosing not

Re: Idea: about package installation under chroot.

On Thu, Mar 24, 2005 at 07:42:01PM +0100, Josselin Mouette wrote: > Le jeudi 24 mars 2005 ?? 14:54 -0300, Jorge L. deLyra a ??crit : > > Now, all this can be avoided very simply by a line in the init.d/ script > > for the daemon, checking that /proc is mounted. Since it will be mounted > > on norma

Re: Idea: about package installation under chroot.

> There is nothing wrong with mounting /proc in a chroot; you should not > assume that chroots all lack /proc. Yes, I know, and I'm not. But it would be nice if one could prevent the packages from starting the daemons by simply choosing not to mount /proc in the chroot.

Re: Idea: about package installation under chroot.

> I was not aware of this structure, but it seems to relate to controlling > the start of damons during boot or changes in runlevel. I do not see how > this will prevent a package that has a > > /etc/init.d/ start Well if they do they won't work on file-rc system , so are already broken ... Alban

Re: Idea: about package installation under chroot.

"Jorge L. deLyra" <[EMAIL PROTECTED]> writes: > Now, all this can be avoided very simply by a line in the init.d/ script > for the daemon, checking that /proc is mounted. Since it will be mounted > on normal systems but typically not when using a chroot shell, it serves > as a flag to enable the d

Re: Idea: about package installation under chroot.

On Thu, Mar 24, 2005 at 02:54:40PM -0300, Jorge L. deLyra wrote: > Installation via chroot can be very useful for embedded systems, and also > for diskless machines that boot remotely from a server and mount the root > via NFS. If a package is being installed via chroot running in the server > it d

Re: Idea: about package installation under chroot.

On Thu, 24 Mar 2005, Jorge L. deLyra wrote: > > Write a policy-rc.d script for the chroot that denies starting either > > the particular demon or all demons in general. > > > > zless /usr/share/doc/sysv-rc/README.policy-rc.d.gz > > I was not aware of this structure, but it seems to relate to > con

Re: Idea: about package installation under chroot.

Josselin Mouette wrote: I don't know whether we have ports without /proc, the Hurd has no /proc. Regards, Daniel -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ -- To UNSUBS

Re: Idea: about package installation under chroot.

> Write a policy-rc.d script for the chroot that denies starting either > the particular demon or all demons in general. > > zless /usr/share/doc/sysv-rc/README.policy-rc.d.gz I was not aware of this structure, but it seems to relate to controlling the start of damons during boot or changes in run

Re: Idea: about package installation under chroot.

Scripsit "Jorge L. deLyra" <[EMAIL PROTECTED]> > Although most packages do in fact survive this process, in the sense that > the installation completes despite some errors when stopping and starting > daemons, some do cause the package tools to exit in error, leaving behind > a broken package. One

Re: Idea: about package installation under chroot.

Hello! On Thu, Mar 24, 2005 at 02:54:40PM -0300, Jorge L. deLyra wrote: > Here is the story: Debian packages including daemons may be a problem for > people installing them via chroot, due to the fact that the packages will > typically try to stop and restart the daemons. In fact, this can interac

Re: Idea: about package installation under chroot.

Le jeudi 24 mars 2005 Ã 14:54 -0300, Jorge L. deLyra a Ãcrit : > Now, all this can be avoided very simply by a line in the init.d/ script > for the daemon, checking that /proc is mounted. Since it will be mounted > on normal systems but typically not when using a chroot shell, it serves > as a flag