[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Idea: about package installation under chroot.


On Thu, Mar 24, 2005 at 02:54:40PM -0300, Jorge L. deLyra wrote:
> Dear Debian developers,
> I would like to consult the developer community on the following issue.
> Here is the story: Debian packages including daemons may be a problem for
> people installing them via chroot, due to the fact that the packages will
> typically try to stop and restart the daemons. In fact, this can interact
> destructively with the system of the server, accidentally killing this or
> that process. It may also cause the Debian package tools to crash.
> Installation via chroot can be very useful for embedded systems, and also
> for diskless machines that boot remotely from a server and mount the root
> via NFS. If a package is being installed via chroot running in the server
> it does not really make any sense to try to stop or start daemons.
> Although most packages do in fact survive this process, in the sense that
> the installation completes despite some errors when stopping and starting
> daemons, some do cause the package tools to exit in error, leaving behind
> a broken package. One example that is particularly troublesome is rwhod.
> Now, all this can be avoided very simply by a line in the init.d/ script
> for the daemon, checking that /proc is mounted. Since it will be mounted
> on normal systems but typically not when using a chroot shell, it serves
> as a flag to enable the daemon restarting procedure.
> I am using successfully the following line to fix the situation in the
> case of the troublesome rwhod package, near the top of the file:
> test -e /proc/mounts || exit 0
> So here are my questions: is there any way in which including a line like
> this in the init.d/ scripts can be adopted as a standard procedure in the
> future, for all Debian packages containing daemons?
> Are there, perhaps, undesirable side effects to this?

Yes there are.

First of all people can mount entire or all of proc into a chroot.

The second problem is with vservers (www.linux-vserver.org) and the util-vserver
tools. Using this project you can mask parts (at least with latest development
branch as I have understood it) of /proc, so this can have really bad side

> Is there some other, better solution to this problem?

Hopefully yes.

> Solving this problem would certainly help people using chroot to install
> packages and so help to extend the range of applicability and usefulness
> of Debian.
> 							Cheers,

I suggest you actually use the vserver project (or the util-vserver and
kernel-patch-vserver packages) in order to have full virtualization
of your chroot if that is what you want.


// Ola

> ----------------------------------------------------------------
>         Jorge L. deLyra,  Associate Professor of Physics
>             The University of Sao Paulo,  IFUSP-DFMA
>        For more information: finger delyra@latt.if.usp.br
> ----------------------------------------------------------------
> -- 
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Annebergsslingan 37      \
|  opal@lysator.liu.se                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /

Reply to: