From: Nick Craig-W. <ni...@me...> - 2004-07-14 13:31:06
On Tue, Jul 13, 2004 at 11:56:33PM -0700, Anthony Brock wrote:
> I've started playing with placing the UML instances inside a chroot'ed
> environment. So far, I have one instance that properly boots. However, I
> have noticed some difficulties:
>
> 1) The UML produces a segmentation fault unless I mount a copy of /proc
> inside the chroot environment. While I'm not familiar with the security
> issues surrounding this, it doesn't seem like a good idea.

It isn't! You can use mount --bind to mount individual files from
proc (eg /proc/mm and /proc/cpuinfo)

> 2) After leaving the process idle for a short time (less than 3 minutes)
> just after boot, I attempted to logoff the console and see:
>
> asdf:~ # exit
> logout
> INIT: cannot fork, retry..
> INIT: cannot fork, retry..
> INIT: cannot fork, retry..
> INIT: cannot fork, retry..
> INIT: cannot fork, retry..
>
> At this point, the UML appears to be frozen hard. I then loaded another
> instance only to experience the same problem.
>
> Is this a known issue?

I haven't seen it and we run all our UMLs chrooted.

> Also, what special steps need to be taken to chroot the environment
> of a UML? Ideas and information are greatly appreciated!

It sounds like you are nearly there! Just make sure you've got
everything UML needs, eg

    |-- dev          <- copy of relevant device nodes
    |   `-- net
    |       `-- tun
    |-- linux        <- linux binary hardlinked to one elsewhere
    |-- proc
    |   |-- cpuinfo  <- copied from real /proc
    |   `-- mm       <- mount --bind from real /proc
    |-- root_fs      <- filesystem image
    |-- swap         <- swap file
    `-- tmp          <- an individually mounted and sized tmpfs

If you want to use COW then you need to hardlink the master too.

chrooting only works in SKAS mode BTW.

Be very careful with the permissions of everything!

--
Nick Craig-Wood    Tel: 0800 195 4968    Net: ni...@me...
Memset Ltd         Web: http://www.memset.com
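
The layout and the permissions warning in the reply above can be checked mechanically. The script below is an added example, not part of the original message or of UML itself; the names `audit_uml_jail`, `report` and `EXPECTED` are assumptions made for illustration, and a COW master file would have to be added to `EXPECTED`.

```sh
#!/bin/sh
# Added example: audit a UML chroot directory against the layout listed above.
# Assumption: the jail holds only these entries; if you use COW, add the
# hardlinked master's file name to EXPECTED.
EXPECTED="dev linux proc root_fs swap tmp"
findings=0

report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Usage: audit_uml_jail /path/to/jail   (no trailing slash)
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_uml_jail() {
    jail=$1
    findings=0

    # 1. Nothing beyond the expected top-level entries (dotfiles included).
    for entry in "$jail"/* "$jail"/.[!.]*; do
        [ -e "$entry" ] || continue
        case " $EXPECTED " in
            *" ${entry##*/} "*) ;;
            *) report "unexpected entry: ${entry##*/}" ;;
        esac
    done

    # 2. proc may expose only cpuinfo and mm, never the whole host /proc.
    for entry in "$jail"/proc/*; do
        [ -e "$entry" ] || continue
        case ${entry##*/} in
            cpuinfo|mm) ;;
            *) report "extra proc entry: ${entry##*/}" ;;
        esac
    done

    # 3. Nothing outside tmp may be world-writable (symlinks are skipped).
    ww=$(find "$jail" -path "$jail/tmp" -prune -o ! -type l -perm -0002 -print)
    [ -z "$ww" ] || report "world-writable: $ww"

    # 4. The kernel binary must exist as a hard link to a copy elsewhere.
    [ -n "$(find "$jail/linux" -type f -links +1 2>/dev/null)" ] ||
        report "linux is missing or not hardlinked"

    [ "$findings" -eq 0 ]
}
```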