Thread
:
Chroot Scripts for Harmattan Open Mode
View Single Post
itsnotabigtruck
2012-03-08 , 08:18
Posts: 245 | Thanked: 915 times | Joined on Feb 2012
#
27
Looks like this is a bit trickier than I'd hoped.
Globally disabling origin checking (as above) ought to do the trick, but if full root access isn't needed
inside
the chroot, it should suffice to:
a) install the chroot scripts from a package, requesting the needed credentials to set up the bind mounts etc.
b) relinquish those credentials when it comes time to actually start the chroot
Something such as
/usr/bin/aegis-exec -c -a CAP::sys_chroot /bin/chroot /path/to/jail /sbin/capsh --caps='' -- -c '/path/to/payload'
ought to work (this requires libcap2-bin inside the jail)
Also, @z720 - rainisto's suggestion only works if Aegis is "unsealed", which isn't the case on a fully booted system. It should be possible to change this, but that requires a kernel module that no one has put together yet for current kernel versions.
__________________
I N C E P T I O N
Calendarrr
|
ad-hac
|
sparsify
|
aegisctl
MilkyTracker
|
Mosh
Firmware Flashing Guide
Quote & Reply
|
itsnotabigtruck
View Public Profile
Send a private message to itsnotabigtruck
Find all posts by itsnotabigtruck