On Tue, 13 Jun 2023, Bill Allombert wrote:

>I agree, chroots are important to consider, and the system should not
>make assumptions how and why they are used.

Thanks!

>Conversely, sometimes I need to use chroots to test init scripts.
>start-stop-daemon should not refuse to run in a chroot if policy-rc.d
>allows it.

TTBOMK this works-ish. It certainly starts and stops things, but if you have the same thing running outside of the chroot, interference may happen. You’ll probably want a separate pid namespace (I think) at least, and make sure that, when leaving the chroot, everything started in it is in fact terminated; sometimes, things like to keep hanging around. This is easier to manage with VMs or (probably; I don’t like to use them myself) container-ish thingies.

In my schroot setup I used to start a vncserver in a persistent chroot back when my main system was x32 and vncserver didn’t like that nor was coïnstallable (hence the i386 chroot).

My “enter a Debian chroot” script, to use e.g. with a Grml live ISO to fix the bootloader (or to work under qemu-user with an RPi µSD image before moving it into the embedded machine), certainly tries hard to create a policy-rc.d to disable dæmon starting should the user need to install packages, so it generally will work.

https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=posix/sysadmin/debchroot.sh;hb=HEAD
in case someone’s interested, it’s more complete than grml-chroot.

bye,
//mirabilos
--
Infrastructure expert • tarent solutions GmbH
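
The two precautions described in the message above (a policy-rc.d that forbids service starts, and checking that nothing started in the chroot is left running), as an added example that is not part of the original message and not taken from debchroot.sh. The function names are hypothetical; it assumes invoke-rc.d's policy-rc.d interface, where exit status 101 means "action forbidden by policy".

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from debchroot.sh.

# Install a policy-rc.d in the chroot so invoke-rc.d refuses to start
# services during package installation (exit 101 = forbidden by policy).
deny_daemon_start() {
	root=$1
	[ -d "$root" ] || { echo "no such chroot: $root" >&2; return 1; }
	mkdir -p "$root/usr/sbin" || return 1
	p=$root/usr/sbin/policy-rc.d
	# keep an existing policy so it can be restored when leaving the chroot
	if [ -e "$p" ] && [ ! -e "$p.orig" ]; then
		mv "$p" "$p.orig" || return 1
	fi
	printf '%s\n' '#!/bin/sh' 'exit 101' >"$p" && chmod 0755 "$p"
}

# Undo deny_daemon_start: remove our policy, restore a saved one if any.
allow_daemon_start() {
	p=$1/usr/sbin/policy-rc.d
	rm -f "$p"
	if [ -e "$p.orig" ]; then mv "$p.orig" "$p"; fi
}

# Print the PIDs whose root directory is the chroot or a directory below
# it, i.e. processes still alive after leaving the chroot.
# The second argument defaults to /proc; reading /proc/PID/root of other
# users' processes needs root. Processes in another mount namespace may
# report a different path and are not matched here.
procs_rooted_in() {
	root=$(cd "$1" && pwd -P) || return 1
	procdir=${2:-/proc}
	for d in "$procdir"/[0-9]*; do
		[ -d "$d" ] || continue
		r=$(readlink "$d/root" 2>/dev/null) || continue
		case $r in
		"$root"|"$root"/*) echo "${d##*/}" ;;
		esac
	done
}
```

Call `deny_daemon_start` before entering the chroot, and after leaving it call `allow_daemon_start` and treat any output of `procs_rooted_in` as processes that still need to be terminated.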