Thread: Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

Brought to you by: xystrus

rssh-discuss

Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

From: Gary B. <rss...@ad...> - 2013-03-12 15:52:10

I installed rssh from packages, and used the mkchroot.sh script to create a
chroot jail for a user. The script threw up errors, and when I tried to
connect, I got the "Connection closed" message.

The FAQ says:

"However it seems that on recent Linux distros, the script is missing
something important, and I haven't yet figured out what that is... If you
are able to identify it, please post to the mailing list to let me (and
everyone else) know."

So, to get it to work, I altered the lines that referred to libnss file to
change /lib/ to /lib/x86_64-linux-gnu/

Here's a simple diff:

$ diff mkchroot.sh.orig mkchroot.sh
151c151
<             /lib/libnss_compat* /lib/libnss_files*; do
---
>             /lib/x86_64-linux-gnu/libnss_compat* /lib/x86_64-linux-gnu/libnss_files*; do
164c164
< tar -cf - /lib/libnss_compat* /lib/libnss_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/'
---
> tar -cf - /lib/x86_64-linux-gnu/libnss_compat* /lib/x86_64-linux-gnu/libnss_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/'

Gaz

Re: Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

From: Russ A. <rr...@st...> - 2013-03-12 16:38:49

Gary Barnes <rss...@ad...> writes:

> I installed rssh from packages, and used the mkchroot.sh script to create a
> chroot jail for a user. The script threw up errors, and when I tried to
> connect, I got the "Connection closed" message.

> The FAQ says:

> "However it seems that on recent Linux distros, the script is missing
> something important, and I haven't yet figured out what that is... If you
> are able to identify it, please post to the mailing list to let me (and
> everyone else) know."

> So, to get it to work, I altered the lines that referred to libnss file to
> change /lib/ to /lib/x86_64-linux-gnu/

I'm not entirely sure what "installed from packages" refers to -- did you
install the rssh package in Ubuntu?  The mkchroot.sh script that is
shipped with that package (in /usr/share/doc/rssh) should already handle
this case correctly via the following:

# On Debian with multiarch, the libnss files are in /lib/<triplet>, where
# <triplet> is the relevant architecture triplet.  Just copy everything
# that's installed, since we're not sure which ones we'll need.
echo "copying name service resolution libraries..."
if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then
    tar -cf - /lib/libnss_compat* /lib/libnss*_files* \
        | tar -C "$jail_dir" -xvf - | sed 's/^/\t/'
else
    tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \
        | tar -C "$jail_dir" -xvf - | sed 's/^/\t/'
fi

-- 
Russ Allbery (rr...@st...)             <http://www.eyrie.org/~eagle/>

Re: Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

From: Gary B. <rss...@ad...> - 2013-03-12 17:08:21

On Tue, Mar 12, 2013 at 09:38:37AM -0700, Russ Allbery wrote:
> Gary Barnes <rss...@ad...> writes:
> 
> I'm not entirely sure what "installed from packages" refers to -- did you
> install the rssh package in Ubuntu?

Yes.

"aptitude install rssh" installed version 2.3.3-1 on Ubuntu 12.04.2
LTS. Doing the same on an Ubuntu 12.10 server installed 2.3.3-5.

>From your description, the exact problem I saw is fixed in a later version,
which is all I hoped to achieve by my post, so all's good.

It seems my problem was due to Ubuntu not keeping up with releases of rssh.

Gaz

Re: Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

From: Russ A. <rr...@st...> - 2013-03-12 17:23:55

Gary Barnes <rss...@ad...> writes:

> Yes.

> "aptitude install rssh" installed version 2.3.3-1 on Ubuntu 12.04.2
> LTS. Doing the same on an Ubuntu 12.10 server installed 2.3.3-5.

> From your description, the exact problem I saw is fixed in a later
> version, which is all I hoped to achieve by my post, so all's good.

> It seems my problem was due to Ubuntu not keeping up with releases of
> rssh.

Oh, I see my mistake.  I thought 12.04 was quantal.  It's precise, which
indeed had too old of a version (by just one revision).  It's not Ubuntu's
fault; they released with the latest version that was available from
Debian at the time.  Debian was much slower than Ubuntu to switch to
multiarch, and then I was a bit slow to adapt the package.

-- 
Russ Allbery (rr...@st...)             <http://www.eyrie.org/~eagle/>

Re: Fixes to mkchroot.sh for Ubuntu 12.04.2 LTS precise 64-bit

From: Gary B. <rss...@ad...> - 2013-03-12 17:29:16

On Tue, Mar 12, 2013 at 10:23:45AM -0700, Russ Allbery wrote:
> Gary Barnes <rss...@ad...> writes:
> > Yes.
> 
> > "aptitude install rssh" installed version 2.3.3-1 on Ubuntu 12.04.2
> > LTS. Doing the same on an Ubuntu 12.10 server installed 2.3.3-5.
> 
> > From your description, the exact problem I saw is fixed in a later
> > version, which is all I hoped to achieve by my post, so all's good.
> 
> > It seems my problem was due to Ubuntu not keeping up with releases of
> > rssh.
> 
> Oh, I see my mistake.  I thought 12.04 was quantal.  It's precise, which
> indeed had too old of a version (by just one revision).  It's not Ubuntu's
> fault; they released with the latest version that was available from
> Debian at the time.  Debian was much slower than Ubuntu to switch to
> multiarch, and then I was a bit slow to adapt the package.

Yes, checking the mkchroot.sh script on the Ubuntu 12.10 server I just
installed it on, the mkchroot.sh script does include the fix (in 2.3.3-5).

Gaz