<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] starting openssh inside a chroot, as per mageia wiki
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20starting%20openssh%20inside%20a%20chroot%2C%0A%09as%20per%20mageia%20wiki&In-Reply-To=%3CCAGmz6yjFZHupZeaNrjR7vTC5Q7gP7n2sTs2RsyE12ebimar6xg%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="020969.html">
<LINK REL="Next" HREF="020951.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] starting openssh inside a chroot, as per mageia wiki</H1>
<B>Glen Ogilvie</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20starting%20openssh%20inside%20a%20chroot%2C%0A%09as%20per%20mageia%20wiki&In-Reply-To=%3CCAGmz6yjFZHupZeaNrjR7vTC5Q7gP7n2sTs2RsyE12ebimar6xg%40mail.gmail.com%3E"
TITLE="[Mageia-dev] starting openssh inside a chroot, as per mageia wiki">nelg at linuxsolutions.co.nz
</A><BR>
<I>Sun Dec 30 09:26:54 CET 2012</I>
<P><UL>
<LI>Previous message: <A HREF="020969.html">[Mageia-dev] starting openssh inside a chroot, as per mageia wiki
</A></li>
<LI>Next message: <A HREF="020951.html">[Mageia-dev] rpmlib(TildeInVersions)
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#21039">[ date ]</a>
<a href="thread.html#21039">[ thread ]</a>
<a href="subject.html#21039">[ subject ]</a>
<a href="author.html#21039">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 28 December 2012 00:17, Pascal Terjan <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">pterjan at gmail.com</A>> wrote:
><i> On Thu, Dec 27, 2012 at 10:55 AM, Guillaume Rousse
</I>><i> <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">guillomovitch at gmail.com</A>> wrote:
</I>><i> > On 27/12/2012 11:29, Pascal Terjan wrote:
</I>><i> >
</I>><i> >>> It seems like the systemd way of starting would be:
</I>><i> >>> systemctl start openssh.service
</I>><i> >>>
</I>><i> >>> But, then produces an error:
</I>><i> >>>
</I>><i> >>> [<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">root at localhost</A> /]# systemctl start openssh.service
</I>><i> >>> Running in chroot, ignoring request.
</I>><i> >>>
</I>><i> >>>
</I>><i> >>> So, Any thoughts on what is the recommended way, and I'll be happy to
</I>><i> >>> update the wiki to reflect this.
</I>><i> >>
</I>><i> >>
</I>><i> >> Last time I tried, I gave up after various attempts and now went back
</I>><i> >> to the basics: running "sshd" and killing it to stop it.
</I>><i> >> Maybe I'll fetch some old initscript.
</I>><i> >
</I>><i> > I guess using a specific unit file, using builtin systemd chroot support,
</I>><i> > should help. See <A HREF="http://0pointer.de/blog/projects/changing-roots">http://0pointer.de/blog/projects/changing-roots</A> for
</I>><i> > details.
</I>><i>
</I>><i> Yes having an unit outside of the chroot with
</I>><i> RootDirectoryStartOnly=yes would probably help (I had tried the "full
</I>><i> system" chroot and couldn't get it to work and gave up after an hour)
</I>><i> but this is annoying to not be able to start a daemon from inside the
</I>><i> chroot which is what I usually want to do.
</I>><i>
</I>
Well, good to see I am not the only one that can't get the chroot to work
anymore.
So, I suggest, for the minute, I edit the wiki to explain that the chroot
does not work.
I am open to suggestions as to what it should recommend? Maybe using a full
virtual machine?
What I have found so far is, using the two attached files, in the following
locations:
/lib/systemd/system/sshd-mageia3.service
/usr/local/bin/setup-cauldron-chroot.sh
setup fstab: echo 'none /mnt/chroot/cauldron/dev/pts devpts defaults 0 0' >> /etc/fstab

Then, the chroot sshd can be started, using:
systemctl enable sshd-mageia3.service
systemctl start sshd-mageia3.service
which will start a chroot, but it's not ideal: it sees mount points
from the host (/proc/mounts) and, of course, processes.
The recommended approach according to systemd appears to be systemd-nspawn.
This may be viable when systemd-nspawn is updated beyond the version in
Mageia 2.
It does not currently work, because dbus won't start; see bug
<A HREF="https://bugzilla.redhat.com/show_bug.cgi?id=795038">https://bugzilla.redhat.com/show_bug.cgi?id=795038</A>. The workaround
mentioned is not supported in the version of systemd-nspawn that Mageia 2 uses.
This looks like it would work for Mageia 3.
Glen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd-mageia3.service
Type: application/octet-stream
Size: 507 bytes
Desc: not available
URL: </pipermail/mageia-dev/attachments/20121230/8de0fa69/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: setup-cauldron-chroot.sh
Type: application/x-sh
Size: 449 bytes
Desc: not available
URL: </pipermail/mageia-dev/attachments/20121230/8de0fa69/attachment.sh>
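
The host-side unit approach discussed in this thread, as an added example: this is not the scrubbed attachment and not code from the poster or from Mageia. The file paths are the ones named in the message; the unit contents, including the sshd options, are assumptions.

```ini
# /lib/systemd/system/sshd-mageia3.service
# (path taken from the message; everything below is an illustrative assumption)
[Unit]
Description=OpenSSH server in the Cauldron chroot (illustrative)
After=network.target

[Service]
# Runs on the host, outside the chroot, because RootDirectoryStartOnly=yes
# restricts the root change to ExecStart= only.
# Assumed to prepare the tree, e.g. mount what sshd needs below the chroot.
ExecStartPre=/usr/local/bin/setup-cauldron-chroot.sh

# Only the ExecStart= process is executed with this directory as its root.
# This changes the root directory and nothing else: the service still shares
# the host's process list and mount table, as observed in the message.
RootDirectory=/mnt/chroot/cauldron
RootDirectoryStartOnly=yes

# -D keeps sshd in the foreground so systemd tracks the main process.
# -e logs to stderr (captured by systemd) rather than a syslog socket the
#    chroot may not have.
# The binary path and /etc/ssh/sshd_config are resolved inside the chroot;
# the port configured there must not collide with the host's own sshd.
ExecStart=/usr/sbin/sshd -D -e

[Install]
WantedBy=multi-user.target
```

Interactive logins additionally need a devpts instance below the chroot, which is what the fstab line in the message provides.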
</PRE>
<!--endarticle-->
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>