Re: [lmi] Creating a chroot for cross-building lmi
From: Greg Chicares
Subject: Re: [lmi] Creating a chroot for cross-building lmi
Date: Sat, 24 Sep 2016 13:20:48 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.8.0
On 2016-09-02 01:31, Greg Chicares wrote:
> Here, between scissors lines, is a quasi-script that successfully
> creates a debian-8 chroot and cross-builds lmi for msw there.
[...]
> --------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
>
> # Substitute your system's $DISPLAY below:
>
> cat >/home/greg/.zshrc <<\EOF
[...]
> # At a regular user prompt, outside the chroot, do this:
> # $ echo $DISPLAY
> # and replace :0.0 below with the string it returns:
> export DISPLAY=":0.0"
Now that I have a usable "plain" schroot, I'm going over all these setup
steps...and I question whether the one above is necessary. At some
point, 'wine' failed to run lmi's GUI, so I followed this advice:
https://help.ubuntu.com/community/BasicChroot#Accessing_graphical_applications_inside_the_chroot
| You can run graphical applications within a chroot, but you need to
| provide an X server for them to run in first. ... in the chroot shell type
| export DISPLAY=:0.0
| And in the system shell type
| xhost +
[Actually, I used 'xhost +local:' instead, for security.]
However, now I think that's unnecessary--I just tried this:
(host) $xhost -
access control enabled, only authorized clients can connect
(guest schroot) $unset $DISPLAY
(guest schroot) $wine ./lmi_wx_shared.exe --ash_nazg --data_path=../data
and lmi's GUI worked. Am I missing something?
Perhaps that online advice is needed for 'chroot' as opposed to 'schroot'?
Apparently not, because this article:
https://wiki.debian.org/Schroot
gives similar advice.
Maybe the advice is intended to support a chroot user who has no X privileges?
I know that at one point I tried restricting my schroot to an unprivileged
user, so perhaps that's the reason why I ever needed this advice (I don't
really remember).
Later, I decided to use the chroot as my normal user (with the same numeric
uid). I've installed 'wine' only inside chroots. I guess this exposes me to
an attack from msw malware that knows how to break out of a chroot using
only the API that 'wine' presents, in which case it could...access my home
directory on the host. I don't see any significant risk there, because the
only msw programs I'm downloading are programming tools, which are all
verified by md5sum before use; there's no internet browser or email program
in the chroot; and I'm deliberately not using binfmt to make msw programs
executable without explicitly invoking wine. But am I being naive?