From: Tushar J. <tj...@lo...> - 2001-07-31 16:28:28
I was wondering if there is a way to use HostFS for a UML system but somehow restrict what directories the UML can mount (a bit like /etc/exports). Since I'd like to boot the UML system from a directory structure on the main system rather than a single file, but for this you need hostfs compiled into the UML kernel, and then this allows anyone on the UML system to mount any other directory (incl / ) in the UML system.

Thanks

Tushar
From: William S. <wst...@po...> - 2001-07-31 19:34:56
Good day, Tushar,

On Tue, 31 Jul 2001, Tushar Joshi wrote:

> I was wondering if there is a way to use HostFS for a UML system but
> somehow restrict what directories the UML can mount (a bit like
> /etc/exports). Since I'd like to boot the UML system from a directory
> structure on the main system rather than a single file, but for this you
> need hostfs compiled into the UML kernel, and then this allows anyone on the
> UML system to mount any other directory (incl / ) in the UML system.

This might not be a perfect general solution, but one approach is to start UML chrooted. Pick the highest directory level you'll need to see from inside UML and chroot to that in starting up the uml binary. Example:

[wstearns@sparrow 01-06-roots]$ pwd
/home/wstearns/uml/01-06-roots

I don't want UML to see anything higher than /home/wstearns/uml. We need a few directories on the host for chroot and uml to work:

[wstearns@sparrow 01-06-roots]$ mkdir /home/wstearns/uml/tmp
[wstearns@sparrow 01-06-roots]$ chmod 1777 /home/wstearns/uml/tmp
[wstearns@sparrow 01-06-roots]$ mkdir /home/wstearns/uml/proc
[wstearns@sparrow 01-06-roots]$ sudo mount -t proc none /home/wstearns/uml/proc
Password:

Mounting and chroot'ing require root privileges - for all the "sudo..." commands, either set up and use sudo or leave off the "sudo" and do them as root. The password prompt above is asking for wstearns' password on the host.

[wstearns@sparrow 01-06-roots]$ mkdir /home/wstearns/uml/dev
[wstearns@sparrow 01-06-roots]$ sudo mount -t devfs none /home/wstearns/uml/dev

You'll need to copy in the linux binary and root filesystem. I'm using an absolute path of /home/wstearns/uml/01-06-roots for mine.

I think one of the cow quirks is showing up here. If I try to use a previous cow file and root_fs, the cow mount complains that I'm trying to use what appears to be a different backing file:

[wstearns@sparrow 01-06-roots]$ sudo chroot /home/wstearns/uml/ 01-06-roots/linux mem=64M ubd0=01-06-roots/root_fs.rh71.run2.cow,01-06-roots/root_fs.rh71 ubd1=01-06-roots/swap.run2 eth0=ethertap,tap2,C0:FF:EE:C0:FF:EE,192.168.0.254

gives...

ubd0: Can't open "01-06-roots/root_fs.rh71.run2.cow": errno = 1
VFS: Cannot open root device "ubd0" or 62:00
Please append a correct "root=" boot option
Kernel panic: VFS: Unable to mount root fs on 62:00

If I specify a new cow file, I can start up uml successfully:

[wstearns@sparrow 01-06-roots]$ sudo chroot /home/wstearns/uml/ 01-06-roots/linux mem=64M ubd0=/01-06-roots/root_fs.rh71.run3.cow,/01-06-roots/root_fs.rh71 udb1=/01-06-roots/swap.run2 eth0=ethertap,tap2,C0:FF:EE:C0:FF:EE,192.168.0.254

The only boot error I get is:

redhat71 login: Failed to open virtual console 1, errno = -19
Failed to open virtual console 2, errno = -19
Couldn't open serial line 0 - errno = 2
Failed to open virtual console 1, errno = -19
Couldn't open serial line 0 - errno = 2
Failed to open virtual console 2, errno = -19
Failed to open virtual console 1, errno = -19

I'll bet this is because the Xterms are trying to talk to /tmp/.X11-unix/X0, which isn't there in this chrooted environment. The alternative is to have the uml's xterms talk to the host's X server over the host's loopback address by running the following before starting the uml:

[wstearns@sparrow 01-06-roots]$ set | grep DISPLAY
DISPLAY=:0.0

This just shows the current state of the X DISPLAY variable.

[wstearns@sparrow 01-06-roots]$ export DISPLAY='127.0.0.1:0.0'

This tells the xterm binary to connect via tcp to localhost for the X display.

[wstearns@sparrow uml]# mkdir -p /home/wstearns/uml/usr/X11R6/bin
[wstearns@sparrow uml]# cp -p /usr/X11R6/bin/xterm /home/wstearns/uml/usr/X11R6/bin
[wstearns@sparrow uml]# cp -p --parents `ldd /usr/X11R6/bin/xterm | awk '{print $3}'` /home/wstearns/uml

Copy the main "xterm" binary and the libraries it needs into the top level chroot.

[wstearns@sparrow uml]$ mkdir -p /home/wstearns/uml/usr/sbin
[wstearns@sparrow uml]$ cp -p /usr/sbin/in.telnetd /home/wstearns/uml/usr/sbin/
[wstearns@sparrow uml]$ cp -p --parents `ldd /usr/sbin/in.telnetd | awk '{print $3}'` /home/wstearns/uml

Also copy in the in.telnetd binary and libraries.

[wstearns@sparrow uml]$ mkdir -p /home/wstearns/uml/bin/
[wstearns@sparrow uml]$ cp -p /home/wstearns/bin/uml_net /home/wstearns/uml/bin/
[wstearns@sparrow uml]$ sudo chmod 4755 /home/wstearns/uml/bin/uml_net
[wstearns@sparrow uml]$ cp -p --parents `ldd /home/wstearns/uml/bin/uml_net | awk '{print $3}'` /home/wstearns/uml

/home/wstearns/bin/uml_net is where I have the uml_net binary on my host - put the appropriate path for your system.

Finally, start up the uml binary.

[wstearns@sparrow 01-06-roots]$ sudo chroot /home/wstearns/uml/ 01-06-roots/linux mem=64M ubd0=/01-06-roots/root_fs.rh71.run3.cow,/01-06-roots/root_fs.rh71 udb1=/01-06-roots/swap.run2 eth0=ethertap,tap2,C0:FF:EE:C0:FF:EE,192.168.0.254

Darn it, I still get repeated:

Failed to open virtual console 1, errno = -19
Failed to open virtual console 2, errno = -19
Couldn't open serial line 0 - errno = 2
Failed to open virtual console 1, errno = -19
Failed to open virtual console 1, errno = -19
Couldn't open serial line 0 - errno = 2

and

INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "c" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes

lines. I'm not quite sure what the chroot environment is missing. Any ideas?

Cheers,
- Bill

---------------------------------------------------------------------------
"Computers let you make more mistakes faster than any other invention in human history, with the possible exception of handguns and tequila."
-- Mitch Radcliffe (Courtesy of Hugo van der Kooij <hvd...@ca...>)
--------------------------------------------------------------------------
William Stearns (wst...@po...). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
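Added example, not part of the original thread: the message above fills the chroot with `ldd ... | awk '{print $3}'`, which only picks up lines of the form `name => /path`. The sketch below parses the other line shapes ldd can print and refuses to copy when a dependency is unresolved; the function names and the sample ldd text are constructed for illustration, and `cp --parents` assumes GNU cp.

```shell
#!/bin/sh
# Added example: copy a binary plus the libraries ldd reports into a chroot.
# Function names and SAMPLE_LDD are constructed; they are not from the thread.

# Read ldd output on stdin, print one absolute library path per line.
# Exit status is 1 if any dependency is reported as "not found".
ldd_paths() {
    awk '
        # libfoo.so.1 => not found : unresolved, the jail would be broken
        /=> not found/ { missing = 1; print "missing: " $1 > "/dev/stderr"; next }
        # libc.so.6 => /lib/libc.so.6 (0x...) : the path is field 3
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        # /lib/ld-linux.so.2 (0x...) : loader line without "=>", path is field 1
        $1 ~ /^\// { print $1; next }
        # linux-vdso / linux-gate / "statically linked" have no file to copy
        END { exit missing + 0 }
    '
}

# copy_with_libs BINARY JAIL
# Copies BINARY (absolute path) and its libraries under JAIL, keeping the
# directory layout. Paths containing whitespace are not supported.
copy_with_libs() {
    bin=$1
    jail=$2
    libs=$(ldd "$bin" | ldd_paths) || return 1
    # $libs is intentionally unquoted so each path becomes its own argument
    cp -p --parents "$bin" $libs "$jail"
}

# Constructed ldd output covering the line shapes handled above.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd1a5f2000)
	libutil.so.1 => /lib/libutil.so.1 (0x40018000)
	libc.so.6 => /lib/libc.so.6 (0x4001b000)
	/lib/ld-linux.so.2 (0x40000000)'

# Show what would be copied for the sample.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```
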
From: <pp...@pp...> - 2001-08-01 01:50:03
On Tue, Jul 31, 2001 at 03:33:52PM -0400, William Stearns wrote:

> Darn it, I still get repeated:
> Failed to open virtual console 1, errno = -19
> Failed to open virtual console 2, errno = -19
> Couldn't open serial line 0 - errno = 2
> Failed to open virtual console 1, errno = -19
> Failed to open virtual console 1, errno = -19
> Couldn't open serial line 0 - errno = 2
> and
> INIT: Id "2" respawning too fast: disabled for 5 minutes
> INIT: Id "c" respawning too fast: disabled for 5 minutes
> INIT: Id "1" respawning too fast: disabled for 5 minutes
> lines. I'm not quite sure what the chroot environment is missing.
> Any ideas?

Why don't you add no-xterm to the command line? Do you need the xterms? (I guess not, since you're trying to chroot it you're probably offering access to untrusted users).

Petru