Re: openssh-server's default config is dangerous
On Tue, 12 Jul 2016, Stefan Monnier wrote:
> I often need something like this when running inside a chroot and
> always have trouble finding the clean&easy way to do it
Here's one example that mk-sbuild uses:
(jessie-amd64)$ cat /usr/sbin/policy-rc.d
#!/bin/sh
while true; do
case "$1" in
-*) shift ;;
makedev) exit 0;;
x11-common) exit 0;;
*) exit 101;;
esac
done
For future reference, this is all covered in Debian Policy §9.3.3
"Interfacing with the initscript system" and invoke-rc.d(8).
> (IIUC dpkg should figure out on its own that it's running in a chroot,
> but it doesn't seem to work reliably enough in my experience, or maybe
> I misunderstood how "running in chroot" is expected to affect dpkg's
> behavior by default).
In this particular case, the issue isn't dpkg, but the package
maintainer scripts. Those all operate using invoke-rc.d, and are
blissfully unaware of whether they are operating inside of a chroot or
outside. [Indeed, there's no reliable way of identifying whether you're
actually in a chroot or not unless you're root and can compare your root
to init's root.]
--
Don Armstrong https://www.donarmstrong.com
If it jams, force it. If it breaks, it needed replacing anyway.
-- Lowery's Law
Reply to: