diff options
Diffstat (limited to 'zarb-ml/mageia-dev/attachments/20121230')
6 files changed, 140 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.html new file mode 100644 index 000000000..1a6c56bed --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.html @@ -0,0 +1,37 @@ +<div class="gmail_quote">On 28 December 2012 00:17, Pascal Terjan <span dir="ltr"><<a href="mailto:pterjan@gmail.com" target="_blank">pterjan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +On Thu, Dec 27, 2012 at 10:55 AM, Guillaume Rousse<br> +<<a href="mailto:guillomovitch@gmail.com">guillomovitch@gmail.com</a>> wrote:<br> +> Le 27/12/2012 11:29, Pascal Terjan a écrit :<br> +><br> +>>> It seems like the systemd way of starting would be:<br> +>>> systemctl start openssh.service<br> +>>><br> +>>> But, then produces an error:<br> +>>><br> +>>> [root@localhost /]# systemctl start openssh.service<br> +>>> Running in chroot, ignoring request.<br> +>>><br> +>>><br> +>>> So, Any thoughts on what is the recommended way, and I'll be happy to<br> +>>> update the wiki to reflect this.<br> +>><br> +>><br> +>> Last time I tried, I gave up after various attempts and now went back<br> +>> to the basics: running "sshd" and killing it to stop it.<br> +>> Maybe I'll fetch some old initscript.<br> +><br> +> I guess using a specific unit file, using builtin systemd chroot support,<br> +> should help. See <a href="http://0pointer.de/blog/projects/changing-roots" target="_blank">http://0pointer.de/blog/projects/changing-roots</a> for<br> +> details.<br> +<br> +Yes having an unit outside of the chroot with<br> +RootDirectoryStartOnly=yes would probably help (I had tried the "full<br> +system" chroot and couldn't get it to work and gave up after an hour)<br> +but this is annoying to not be able to start a daemon from inside the<br> +chroot which is what I usually want to do.<br> +</blockquote></div><br><br>Well, good to see I am not the only one that can't get the chroot to work anymore.<br>So, I suggest, for the minute, I edit the wiki to explain that the chroot does not work.<br>I am open to suggestions as to what it should recommend? maybe using a full<br> +virtual machine?<br><br>What I have found so far is, using the two attached files, in the following locations:<br>/lib/systemd/system/sshd-mageia3.service<br>/usr/local/bin/setup-cauldron-chroot.sh<br><br>setup fstab: echo 'none /mnt/chroot/cauldron/dev/pts devpts defaults 0 0' >> /etc/fstab<br> +<br>Then, the chroot sshd can be started, using:<br>systemctl enable sshd-mageia3.service<br>systemctl start sshd-mageia3.service<br><br>which will start a chroot, but.. it's not ideal.. It sees mount points from the host (/proc/mounts)<br> +and of course, processes.<br><br><br>The recommended approach according to systemd, appears to be systemd-nspawn.<br>This may be viable, when systemd-nspawn is updated beyond the version in Mageia 2.<br>It does not currently work, because dbus won't start, see bug: <br> +<a href="https://bugzilla.redhat.com/show_bug.cgi?id=795038">https://bugzilla.redhat.com/show_bug.cgi?id=795038</a>. The work around mentioned is<br>not supported in the version of systemd-nspawn that Mageia 2 uses. This looks like<br> +it would work for Mageia3.<br><br>Glen<br><br><br><br><br><br><br><br><br> diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.obj b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.obj new file mode 100644 index 000000000..33d0958d6 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.obj @@ -0,0 +1,18 @@ +[Unit] +Description=OpenSSH server daemon in chroot +After=syslog.target network.target auditd.service + +[Service] +RootDirectory=/mnt/chroot/cauldron +# EnvironmentFile=/etc/sysconfig/sshd +ExecStartPre=/usr/local/bin/setup-cauldron-chroot.sh start +ExecStopPost=/usr/local/bin/setup-cauldron-chroot.sh stop +# ExecStart=/usr/sbin/sshd -D $OPTIONS +ExecStart=/usr/sbin/sshd -D +ExecReload=/bin/kill -HUP $MAINPID +RootDirectoryStartOnly=yes + +[Install] +WantedBy=multi-user.target + +# ExecStartPre=/usr/sbin/sshd-keygen
\ No newline at end of file diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.sh b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.sh new file mode 100644 index 000000000..746a76804 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment-0001.sh @@ -0,0 +1,15 @@ +#!/bin/bash +if [[ "$1" == "start" ]]; then + cp -f /etc/resolv.conf /mnt/chroot/cauldron/etc/ + mount -o bind /proc /mnt/chroot/cauldron/proc + mount -o bind /dev /mnt/chroot/cauldron/dev + mount /mnt/chroot/cauldron/dev/pts + mount -o bind /sys /mnt/chroot/cauldron/sys +fi + +if [[ "$1" == "stop" ]]; then + umount /mnt/chroot/cauldron/proc + umount /mnt/chroot/cauldron/dev/pts + umount /mnt/chroot/cauldron/sys + umount /mnt/chroot/cauldron/dev +fi
\ No newline at end of file diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.html b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.html new file mode 100644 index 000000000..1a6c56bed --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.html @@ -0,0 +1,37 @@ +<div class="gmail_quote">On 28 December 2012 00:17, Pascal Terjan <span dir="ltr"><<a href="mailto:pterjan@gmail.com" target="_blank">pterjan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +On Thu, Dec 27, 2012 at 10:55 AM, Guillaume Rousse<br> +<<a href="mailto:guillomovitch@gmail.com">guillomovitch@gmail.com</a>> wrote:<br> +> Le 27/12/2012 11:29, Pascal Terjan a écrit :<br> +><br> +>>> It seems like the systemd way of starting would be:<br> +>>> systemctl start openssh.service<br> +>>><br> +>>> But, then produces an error:<br> +>>><br> +>>> [root@localhost /]# systemctl start openssh.service<br> +>>> Running in chroot, ignoring request.<br> +>>><br> +>>><br> +>>> So, Any thoughts on what is the recommended way, and I'll be happy to<br> +>>> update the wiki to reflect this.<br> +>><br> +>><br> +>> Last time I tried, I gave up after various attempts and now went back<br> +>> to the basics: running "sshd" and killing it to stop it.<br> +>> Maybe I'll fetch some old initscript.<br> +><br> +> I guess using a specific unit file, using builtin systemd chroot support,<br> +> should help. See <a href="http://0pointer.de/blog/projects/changing-roots" target="_blank">http://0pointer.de/blog/projects/changing-roots</a> for<br> +> details.<br> +<br> +Yes having an unit outside of the chroot with<br> +RootDirectoryStartOnly=yes would probably help (I had tried the "full<br> +system" chroot and couldn't get it to work and gave up after an hour)<br> +but this is annoying to not be able to start a daemon from inside the<br> +chroot which is what I usually want to do.<br> +</blockquote></div><br><br>Well, good to see I am not the only one that can't get the chroot to work anymore.<br>So, I suggest, for the minute, I edit the wiki to explain that the chroot does not work.<br>I am open to suggestions as to what it should recommend? maybe using a full<br> +virtual machine?<br><br>What I have found so far is, using the two attached files, in the following locations:<br>/lib/systemd/system/sshd-mageia3.service<br>/usr/local/bin/setup-cauldron-chroot.sh<br><br>setup fstab: echo 'none /mnt/chroot/cauldron/dev/pts devpts defaults 0 0' >> /etc/fstab<br> +<br>Then, the chroot sshd can be started, using:<br>systemctl enable sshd-mageia3.service<br>systemctl start sshd-mageia3.service<br><br>which will start a chroot, but.. it's not ideal.. It sees mount points from the host (/proc/mounts)<br> +and of course, processes.<br><br><br>The recommended approach according to systemd, appears to be systemd-nspawn.<br>This may be viable, when systemd-nspawn is updated beyond the version in Mageia 2.<br>It does not currently work, because dbus won't start, see bug: <br> +<a href="https://bugzilla.redhat.com/show_bug.cgi?id=795038">https://bugzilla.redhat.com/show_bug.cgi?id=795038</a>. The work around mentioned is<br>not supported in the version of systemd-nspawn that Mageia 2 uses. This looks like<br> +it would work for Mageia3.<br><br>Glen<br><br><br><br><br><br><br><br><br> diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.obj b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.obj new file mode 100644 index 000000000..33d0958d6 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.obj @@ -0,0 +1,18 @@ +[Unit] +Description=OpenSSH server daemon in chroot +After=syslog.target network.target auditd.service + +[Service] +RootDirectory=/mnt/chroot/cauldron +# EnvironmentFile=/etc/sysconfig/sshd +ExecStartPre=/usr/local/bin/setup-cauldron-chroot.sh start +ExecStopPost=/usr/local/bin/setup-cauldron-chroot.sh stop +# ExecStart=/usr/sbin/sshd -D $OPTIONS +ExecStart=/usr/sbin/sshd -D +ExecReload=/bin/kill -HUP $MAINPID +RootDirectoryStartOnly=yes + +[Install] +WantedBy=multi-user.target + +# ExecStartPre=/usr/sbin/sshd-keygen
\ No newline at end of file diff --git a/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.sh b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.sh new file mode 100644 index 000000000..746a76804 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20121230/8de0fa69/attachment.sh @@ -0,0 +1,15 @@ +#!/bin/bash +if [[ "$1" == "start" ]]; then + cp -f /etc/resolv.conf /mnt/chroot/cauldron/etc/ + mount -o bind /proc /mnt/chroot/cauldron/proc + mount -o bind /dev /mnt/chroot/cauldron/dev + mount /mnt/chroot/cauldron/dev/pts + mount -o bind /sys /mnt/chroot/cauldron/sys +fi + +if [[ "$1" == "stop" ]]; then + umount /mnt/chroot/cauldron/proc + umount /mnt/chroot/cauldron/dev/pts + umount /mnt/chroot/cauldron/sys + umount /mnt/chroot/cauldron/dev +fi
\ No newline at end of file |