Re: Idea: about package installation under chroot.
Hello
On Thu, Mar 24, 2005 at 02:54:40PM -0300, Jorge L. deLyra wrote:
> Dear Debian developers,
>
> I would like to consult the developer community on the following issue.
>
> Here is the story: Debian packages including daemons may be a problem for
> people installing them via chroot, due to the fact that the packages will
> typically try to stop and restart the daemons. In fact, this can interact
> destructively with the system of the server, accidentally killing this or
> that process. It may also cause the Debian package tools to crash.
>
> Installation via chroot can be very useful for embedded systems, and also
> for diskless machines that boot remotely from a server and mount the root
> via NFS. If a package is being installed via chroot running in the server
> it does not really make any sense to try to stop or start daemons.
>
> Although most packages do in fact survive this process, in the sense that
> the installation completes despite some errors when stopping and starting
> daemons, some do cause the package tools to exit in error, leaving behind
> a broken package. One example that is particularly troublesome is rwhod.
>
> Now, all this can be avoided very simply by a line in the init.d/ script
> for the daemon, checking that /proc is mounted. Since it will be mounted
> on normal systems but typically not when using a chroot shell, it serves
> as a flag to enable the daemon restarting procedure.
>
> I am using successfully the following line to fix the situation in the
> case of the troublesome rwhod package, near the top of the file:
>
> test -e /proc/mounts || exit 0
>
> So here are my questions: is there any way in which including a line like
> this in the init.d/ scripts can be adopted as a standard procedure in the
> future, for all Debian packages containing daemons?
>
> Are there, perhaps, undesirable side effects to this?
Yes there are.
First of all people can mount entire or all of proc into a chroot.
The second problem is with vservers (www.linux-vserver.org) and the util-vserver
tools. Using this project you can mask parts (at least with latest development
branch as I have understood it) of /proc, so this can have really bad side
effects.
> Is there some other, better solution to this problem?
Hopefully yes.
> Solving this problem would certainly help people using chroot to install
> packages and so help to extend the range of applicability and usefulness
> of Debian.
> Cheers,
I suggest you actually use the vserver project (or the util-vserver and
kernel-patch-vserver packages) in order to have full virtualization
of your chroot if that is what you want.
Regards,
// Ola
> ----------------------------------------------------------------
> Jorge L. deLyra, Associate Professor of Physics
> The University of Sao Paulo, IFUSP-DFMA
> For more information: finger delyra@latt.if.usp.br
> ----------------------------------------------------------------
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Annebergsslingan 37 \
| opal@lysator.liu.se 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: