mailing list of musl libc
* super_chroot - replacement for chroot for building dists
@ 2013-08-01  0:37 Rich Felker
From: Rich Felker @ 2013-08-01  0:37 UTC
  To: musl

[-- Attachment #1: Type: text/plain, Size: 719 bytes --]

Attached is a very simplified proof-of-concept for a tool that will
allow building musl-based dists without the need for root privileges.
It needs Linux 3.8 or newer (with user namespaces), but nothing else,
and should work whether compiled against musl or glibc. I'm hoping
this will be able to be adopted by some (most) of the musl-based dists
as an alternative to the current enter_chroot approach, so that it
becomes possible to build on systems where root access is not
available or where policy would prohibit use of root for building.

Note that if you're using an early 3.8 series kernel, you should
probably upgrade, as the technique used in this tool provides a
trivial way to get root on many systems.

Rich

[-- Attachment #2: super_chroot.c --]
[-- Type: text/plain, Size: 637 bytes --]

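#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <unistd.h>
#include <signal.h>
#include <stdlib.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/mount.h>

/* Print the failing step and exit. */
static void die(const char *step)
{
	perror(step);
	exit(1);
}

int main(int argc, char **argv)
{
	if (argc < 3) {
		fprintf(stderr, "usage: %s newroot program [args...]\n", argv[0]);
		return 1;
	}

	/* Real IDs, read before the namespace switch. */
	uid_t uid = getuid();
	gid_t gid = getgid();

	/* New user namespace plus a private mount namespace. */
	if (unshare(CLONE_NEWUSER|CLONE_NEWNS)) die("unshare");

	/* Map uid 0 inside the namespace to the caller's uid outside. */
	int fd = open("/proc/self/uid_map", O_RDWR);
	if (fd < 0) die("uid_map");
	dprintf(fd, "%u %u 1\n", 0, (unsigned)uid);
	close(fd);
	/* Same for gid. Linux 3.19 and later refuse this write unless
	 * "deny" was first written to /proc/self/setgroups. */
	fd = open("/proc/self/gid_map", O_RDWR);
	if (fd < 0) die("gid_map");
	dprintf(fd, "%u %u 1\n", 0, (unsigned)gid);
	close(fd);

	/* Drop supplementary groups. */
	setgroups(0, 0);

	/* Bind-mount the host /dev and /proc into the new root, then enter it. */
	if (chdir(argv[1])) die("chdir");
	if (mount("/dev", "./dev", 0, MS_BIND|MS_REC, 0)) die("mount /dev");
	if (mount("/proc", "./proc", 0, MS_BIND|MS_REC, 0)) die("mount /proc");
	if (chroot(".")) die("chroot");

	execv(argv[2], argv+2);
	perror("execv");
	return 1;
}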

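An added example, not part of the message above or of the musl project: a small C parser for the uid_map/gid_map text format that super_chroot writes, useful when auditing whether "root" inside a build namespace is really an unprivileged user. The names map_id and root_is_unprivileged and the sample map string are constructed for illustration.

```c
/* Added example: parse the uid_map/gid_map format written by super_chroot. */
#include <stdio.h>

/*
 * Translate an in-namespace ID through map text in the kernel's format,
 * one "<inside-start> <outside-start> <count>" extent per line.
 * Returns 1 and stores the outside ID if mapped, 0 if unmapped,
 * -1 if the text is malformed.
 */
int map_id(const char *map_text, unsigned long inside, unsigned long *outside)
{
	const char *p = map_text;
	for (;;) {
		unsigned long in0, out0, cnt;
		int used = 0;
		while (*p == ' ' || *p == '\n') p++;	/* padding between extents */
		if (!*p) return 0;			/* no extent covers the ID */
		if (sscanf(p, "%lu %lu %lu%n", &in0, &out0, &cnt, &used) != 3)
			return -1;
		if (inside >= in0 && inside - in0 < cnt) {
			*outside = out0 + (inside - in0);
			return 1;
		}
		p += used;
	}
}

/* 1 if ID 0 inside the namespace is backed by a non-zero ID outside. */
int root_is_unprivileged(const char *map_text)
{
	unsigned long outside;
	return map_id(map_text, 0, &outside) == 1 && outside != 0;
}

int main(int argc, char **argv)
{
	/* Constructed sample: the single extent written for a caller with uid 1000. */
	char buf[4096] = "0 1000 1\n";
	if (argc > 1) {	/* optional: a path such as /proc/<pid>/uid_map */
		FILE *f = fopen(argv[1], "r");
		if (!f) { perror(argv[1]); return 1; }
		size_t n = fread(buf, 1, sizeof buf - 1, f);
		buf[n] = 0;
		fclose(f);
	}
	unsigned long out;
	int r = map_id(buf, 0, &out);
	if (r == 1) printf("inside 0 -> outside %lu (%s)\n", out,
		root_is_unprivileged(buf) ? "unprivileged" : "root");
	else puts(r ? "malformed map" : "inside 0 is unmapped");
	return r < 0;
}
```

The second column is expressed in the user namespace of the process reading the file, so a map read from the initial namespace shows host IDs.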

* Re: super_chroot - replacement for chroot for building dists
@ 2013-08-05  5:45 ` Rob Landley
From: Rob Landley @ 2013-08-05  5:45 UTC
  To: musl; +Cc: musl

On 07/31/2013 07:37:41 PM, Rich Felker wrote:
> Attached is a very simplified proof-of-concept for a tool that will
> allow building musl-based dists without the need for root privileges.
> It needs Linux 3.8 or newer (with user namespaces), but nothing else,
> and should work whether compiled against musl or glibc. I'm hoping
> this will be able to be adopted by some (most) of the musl-based dists
> as an alternative to the current enter_chroot approach, so that it
> becomes possible to build on systems where root access is not
> available or where policy would prohibit use of root for building.

Aboriginal doesn't use root. It cross compiles as a normal user,  
packages as a normal user, and then launches qemu or kvm as a normal  
user. (The previous iteration used user mode linux before qemu was  
viable; this only supported x86 targets.)

FYI,

Rob
