
Re: Daemons in schroot or how to start chroot automatically



On Sat, Jul 21, 2012 at 11:54:58AM +0000, Ramon Hofer wrote:
> On Fri, 20 Jul 2012 17:32:14 +0100, Roger Leigh wrote:
> 
> > On Fri, Jul 20, 2012 at 12:48:49PM +0000, Ramon Hofer wrote:
> >> On Fri, 20 Jul 2012 10:42:58 +0100, Roger Leigh wrote:
> >> 
> >> > On Thu, Jul 19, 2012 at 12:34:26PM +0000, Ramon Hofer wrote:
> >> >> I have some questions about starting daemons in a chroot environment
> >> >> or rather about starting schroot on bootup.
> >> >> The reason I want to do this is to clean up my server. It's a
> >> >> Squeeze with an AMD64 kernel from backports. Some packages are from
> >> >> testing which gives me problems because of dependencies that can't
> >> >> be fulfilled: sabnzbdplus from testing depends on python so I can't
> >> >> install build-essential...
> >> >> 
> >> >> So far I was able to setup a chroot with schroot and installed sid
> >> >> in it.
> >> >> 
> >> >> [sid]
> >> >> description=Debian sid (unstable)
> >> >> directory=/srv/chroot/sid
> >> >> users=hoferr
> >> >> groups=hoferr
> >> >> root-groups=root
> >> >> aliases=unstable,default
> >> > 
> >> > set type=directory here
> >> 
> >> That sounds great what I can read in the schroot.conf manpage:
> >> "In consequence, filesystems such as /proc are not mounted in
> >> plain chroots; it is the responsibility of the system
> >> administrator to configure such chroots by hand, whereas directory
> >> chroots are automatically configured."
> >> 
> >> This means I can remove the remounts of /proc, /dev and /sys to
> >> /srv/chroot/sid/... from my /etc/fstab?
> > 
> > Yes, exactly.  You still have an fstab--it's /etc/schroot/default/fstab,
> > though this is configurable (set script=config with schroot 1.4.x, or
> > profile= with schroot 1.6.x).
> 
> Very nice!
> This is the default fstab which is used for all schroots right?

Yes.

> Is there another one which I can use to set specific mounts?
> Like in my case the config dir in my home for sabnzbd?

Not provided with the package.  You could just
  sudo cp -r /etc/schroot/default /etc/schroot/sabnzbd
and then set
  script-config=/etc/schroot/sabnzbd/config
(you'll need to edit this file to update the paths in it from
/etc/schroot/default to /etc/schroot/sabnzbd).

> And I should copy/bind another config file. Is it possible to have 
> different /etc/schroot/default/copyfiles for different schroot 
> environments?

> Something like /etc/schroot/[SCHROOT]/fstab and
> /etc/schroot/[SCHROOT]/copyfiles would be very handy :-)

Not using the same /etc/schroot/default/copyfiles file, but by
creating your own chroot-specific config directory as above, it's
definitely possible.  See the other options like
/etc/schroot/desktop for pre-canned profiles provided as
alternatives to "default".

> >> But when I try this out and comment the proc and dev remounts and
> >> restart the system sabnzbd+ isn't started automatically and when I try
> >> it with the init.d script manually I get:
> >> [....] Starting SABnzbd+ binary newsgrabber:start-stop-daemon: nothing
> >> in /proc - not mounted?
> >>  failed!
> > 
> > Hmm, it should have mounted it.  Try looking at the information reported
> > with "-v"; you should see the 10mount script mounting the
> > filesystems.  If it doesn't, you should see an error at this point.
> > Or, if the configuration is broken for some reason, maybe you'll see an
> > absence of mounting.  You should see the reverse happen when you end the
> > session as well.
> 
> I found what I did wrong: In the init.d script I used chroot instead of 
> schroot:
> http://pastebin.com/raw.php?i=Lamy4K4a
> 
> Could you please help me with the correct command?
> Instead of `chroot /srv/chroot/sid /etc/init.d/sabnzbdplus start` can I 
> use `schroot -c sid sabnzbdplus start`?
> 
> Then this would be my new schroot script:
> http://pastebin.com/raw.php?i=Lamy4K4a

I think I followed up on this one in your following mail.

> >> >> In the chroot I have created a new user called hoferr and am now
> >> >> able to login without root privileges.
> >> >> But in there sudo is missing. Maybe this can be resolved by
> >> >> installing the correct base system meta package mentioned above?
> >> > 
> >> > You could install sudo.  But why?  This is what schroot /is/
> >> > (chroot + sudo).  If you want to do stuff as root inside the
> >> > chroot, just add yourself to root-groups/root-users.
> >> 
> >> Or start it with `sudo schroot -p -c sid`.
> > 
> > That's a possibility, though I would personally just configure schroot
> > to give me root access directly.
> 
> I have tried to set root-groups=root,sudo in /etc/schroot/schroot.conf 
> for the (only)  but this doesn't give me root access (even though I'm 
> member of the sudo group outside the chroot and inside it as it seems 
> the /etc/group files are the same).
> 
> I've also tried to add my user directly to the root-groups without 
> success. What could I possibly do wrong?

Did you run with "-u root" to switch to the root user inside the
chroot?  If you don't use "-u" it will just run as the current
user, rather than switching.  So long as one of the groups you
are a member of is in root-groups or root-users, you'll be
allowed to switch without a password.  If you aren't in one of those,
you'll be prompted for a password IIRC.

> >> I'm still using version 1.4.19. But this feature sounds very good!
> >> 
> >> Btw I have accidentally run `schroot -v` instead of -V to get the version
> >> number. First I got a little shock but now the prompt shows the name of
> >> the chroot I'm logged into even if I only do `schroot -p -c sid`.
> >> That's great :-)
> > 
> > Fantastic!  That's one of the little details set up by the setup scripts
> > (50chrootname).  It will also handle other things like copying over the
> > passwd database so you have the same accounts inside the chroot that you
> > have on the host.
> 
> What do you mean by the setup script? Using the -v option?
> Or is it `setup-start`? Should I run it after I've changed schroot.conf 
> which is maybe the solution to my problem with the permission from above?

This is all done automatically, and irrespective of -v (this just
shows you what it's doing, it's still done when you don't use it).
The setup scripts are run when you begin or end a session using -b
or -e.  If you don't use -b or -e, it's done all in the one command
automatically.

> Btw do you know of some documentation on how schroot and chroot work? Is
> it really only changing the root directory? I'm wondering because when I
> install a package from sid it's not sure that it'll work with the Squeeze
> kernel?

Both are just changing the root directory.  schroot does some additional
stuff as well such as creating/snapshotting the chroot and running the
setup scripts, and also handling authentication and user switching, but
ultimately both just call the chroot(2) system call, and then run a
shell or command.

If you run software in a sid chroot that uses specific features of the
sid kernel not available in squeeze, then it will fail.  But all of the
important stuff like devices, procfs, sysfs are inherited from the
host system--the chroot is not a standalone environment, and does not
run the rcS scripts or anything at startup.  So in practice it will
work for all but the most esoteric software.  All of the Debian
autobuilders run squeeze, using sid chroots with schroot for package
building--issues arising from using a squeeze kernel and a sid chroot
are almost unheard of (and would be considered a bug in the package).


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
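
The per-chroot profile procedure from the reply above (copy /etc/schroot/default, repoint the paths in its config, reference it with script-config), as an added example that is not part of the original thread. The FSTAB=/COPYFILES= layout of the config file and the bind directory /home/hoferr/.sabnzbd are assumptions; the demo works on a constructed copy under a temporary directory, not on /etc/schroot.

```shell
#!/bin/sh
# Added example (not from the thread): derive a chroot-specific schroot
# profile from an existing one, following the steps in the reply above.

# make_profile SRC DST [HOST_DIR]
#   SRC       existing profile dir, e.g. /etc/schroot/default
#   DST       new profile dir,      e.g. /etc/schroot/sabnzbd
#   HOST_DIR  optional host directory to bind into the chroot (same path)
# Prints the line to put in the chroot's section of schroot.conf.
make_profile() {
    src=${1%/}; dst=${2%/}; bind=${3:-}
    [ -f "$src/config" ] || { echo "no config in $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 1; }
    cp -r "$src" "$dst" || return 1
    # Rewrite FSTAB=, COPYFILES=, ... so they point at the copy. Reading
    # from SRC and writing over the copied file keeps its mode and owner.
    sed "s|$src/|$dst/|g" "$src/config" > "$dst/config" || return 1
    # Bind only the one directory the daemon needs into the chroot.
    if [ -n "$bind" ]; then
        printf '%s\t%s\tnone\trw,bind\t0\t0\n' "$bind" "$bind" >> "$dst/fstab"
    fi
    echo "script-config=$dst/config"
}

# Constructed stand-in for /etc/schroot/default so the demo needs no root.
# The variable names in config are assumed, not taken from the thread.
make_sample_default() {
    mkdir -p "$1/default" || return 1
    printf 'FSTAB="%s/default/fstab"\nCOPYFILES="%s/default/copyfiles"\n' \
        "$1" "$1" > "$1/default/config"
    printf '/proc\t/proc\tnone\trw,bind\t0\t0\n' > "$1/default/fstab"
    printf '/etc/resolv.conf\n' > "$1/default/copyfiles"
}

demo() {
    root=$(mktemp -d) || return 1
    # /home/hoferr/.sabnzbd is a hypothetical config directory.
    make_sample_default "$root" &&
        make_profile "$root/default" "$root/sabnzbd" /home/hoferr/.sabnzbd &&
        cat "$root/sabnzbd/config" "$root/sabnzbd/fstab"
    rc=$?
    rm -rf "$root"
    return $rc
}
demo
```

Against the real /etc/schroot the function needs root, and the original default profile is left untouched so other chroots keep using it.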

