Re: Firefox in 32-bit chroot



On Fri, May 30, 2008 at 09:36:40AM +0100, michael wrote:
> 
> On 29 May 2008, at 08:00, Todd A. Jacobs wrote:
> 
> >I'm attempting to run firefox in a 32-bit chroot using schroot with
> >run-setup-scripts=false because I don't want to mess with my real home
> >directory. Firefox is installed, as is x11-common. However:
> >
> >    $ schroot -c firefox firefox
> >    I: [firefox chroot] Running command: "firefox"
> >
> >    (firefox-bin:16741): Gtk-WARNING **: cannot open display:
> >
> >Even when I run "xhost +localhost" and schroot in and manually set
> >DISPLAY=:0, I get the same results. What else am I missing here?
> 
> I'm intrigued as to the quickest way to build the smallest 32 bit
> chroot (schroot?) on my AMD64 box, for just this purpose (running a
> "full" browser with all the plugins...) Any advice welcome! M
> 

Re the home directory thing:  I don't know why it's not working but I'm
assuming something about .Xauthority.  What is your concern?

Personally, I built my chroot with debootstrap.  I couldn't find an
up-to-date howto but I picked and chose from the amd64 howto on the
website to get the base chroot installed, installed schroot and read its
man page, set it up, then used schroot -pc etch-ia32 aptitude to set up
the chroot appropriately.

The chroot is installed in /srv/schroot/etch-ia32 (/srv is on its own
LV) and here is my schroot config file:


# schroot chroot definitions.
# See schroot.conf(5) for complete documentation of the file format.
#
# Please take note that you should not add untrusted users to
# root-groups, because they will essentially have full root access
# to your system.  They will only have root access inside the chroot,
# but that's enough to cause malicious damage.
#
#
#
#
[etch-ia32]
type=directory
description=Debian Etch ia32
groups=games
run-setup-scripts=true
run-exec-scripts=true
personality=linux32
location=/srv/chroot/etch-ia32

# The following lines are examples only.  Uncomment and alter them to
# customise schroot for your needs, or create a new entry from scratch.

[snip the remaining commented-out examples]

As you can see, I limit access to users in the games group.

For further security (enforced only by user discipline), I only use
javascript in the schroot and I have a separate user for using
javascript and flash-enabled browsers in the chroot.  My normal user
(which is also in adm and staff) cannot run the chroot since it's not in
games.  Root is in games since it needs to run schroot to run aptitude
but root never runs a web browser.


I hope this helps.

Doug.
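
Added example, not part of the original message: a small audit of the access lists in a schroot.conf, so the separation described above (the everyday account's groups must not be able to enter the browser chroot) is checked rather than left to discipline. The [build] entry, the function names and the everyday_groups parameter are assumptions made for illustration.

```python
import configparser

# Constructed sample: the [etch-ia32] entry from the message above, plus a
# hypothetical [build] entry added here to show what the audit flags.
SAMPLE_CONF = """\
[etch-ia32]
type=directory
description=Debian Etch ia32
groups=games
run-setup-scripts=true
run-exec-scripts=true
personality=linux32
location=/srv/chroot/etch-ia32

[build]
type=directory
groups=games,staff
root-groups=staff
location=/srv/chroot/build
"""

ACCESS_KEYS = ("users", "groups")           # who may enter the chroot
ROOT_KEYS = ("root-users", "root-groups")   # who gets root inside it

def _names(section, key):
    """Split a comma-separated schroot.conf value into a clean list."""
    return [n.strip() for n in section.get(key, "").split(",") if n.strip()]

def audit_schroot_conf(text, everyday_groups=("adm", "staff")):
    """Return {chroot: access lists + warnings} for every chroot definition.

    everyday_groups is an assumption: the groups of the normal, non-browser
    account, which should not be able to enter a browser chroot.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for name in parser.sections():
        entry = {k: _names(parser[name], k) for k in ACCESS_KEYS + ROOT_KEYS}
        warnings = [f"{k}={','.join(entry[k])}: root access inside the chroot"
                    for k in ROOT_KEYS if entry[k]]
        shared = sorted(set(entry["groups"]) & set(everyday_groups))
        if shared:
            warnings.append(f"groups includes everyday group(s): {','.join(shared)}")
        entry["warnings"] = warnings
        report[name] = entry
    return report

if __name__ == "__main__":
    for chroot, entry in audit_schroot_conf(SAMPLE_CONF).items():
        print(chroot, entry["groups"], entry["warnings"] or "ok")
```
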

