Running configure scripts inside chroot on Grsec kernel
Hello,
I seem unable to run any configure scripts (autoconf) inside a Chroot environment on a box with a Grsec kernel. The chroot environment is actually a full Linux LFS installation (which was compiled from the LFS LiveCD, which is not Grsec-enabled). Attempting to run configure produces no output whatsoever, and the process never responds or returns.
Strace output is hard to decipher for me, but it appears that it is looping somehow. (It won't let me attach the compressed bz2 file of the text, as uncompressed for only a 1 minute run it is over 8MB, but compresses down to 65KB, which indicates a lot of repetition.)
Is this a Grsec issue? Is there any resolution short of not using Grsec on the box in question or only compiling applications on other non-Grsec kernel systems? (Some packages I am compiling may need to be aware of Grsec...)
Chroot on grsecurity is locked down pretty tight. If you compile it outside of chroot it should work fine, but not inside of chroot on grsecurity.
Quote:
Chroot restrictions
No attaching shared memory outside of chroot
No kill outside of chroot
No ptrace outside of chroot (architecture independent)
No capget outside of chroot
No setpgid outside of chroot
No getpgid outside of chroot
No getsid outside of chroot
No sending of signals by fcntl outside of chroot
No viewing of any process outside of chroot, even if /proc is mounted
No mounting or remounting
No pivot_root
No double chroot
No fchdir out of chroot
Enforced chdir("/") upon chroot
No (f)chmod +s
No mknod
No sysctl writes
No raising of scheduler priority
No connecting to abstract unix domain sockets outside of chroot
Removal of harmful privileges via capabilities
Exec logging within chroot
Ah, therein lies the problem. The problem is that the libc version inside the chroot is different than the one outside, so compiling outside on the host box will not work.
So far I've been successful at just keeping a copy of the chroot somewhere else (a non-grsec box) and using it to compile things there, then using DESTDIR to make a "package" to transfer the compiled files to the chroot. It does seem to be working.
So if we're pretty sure this is a Grsec issue, and it's by design, then I guess that's how it is. At least the system works at all LOL.
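An added example, not part of any post in this thread: one way to condense a large, repetitive strace log like the one described in the first post and to flag failing calls whose names appear in the quoted chroot restriction list. It assumes the trace was saved with `strace -f -o FILE`; the names `summarize` and `SAMPLE` are hypothetical, the sample lines are constructed, and `mknodat`/`fchmodat` are included on the assumption that they are the variants newer libc versions issue for `mknod`/`chmod`.

```python
import re
import sys
from collections import Counter

# Syscalls behind the chroot restrictions quoted in the thread. Matching is by
# name only, so a hit is a candidate to check against the kernel log, not proof.
CHROOT_RESTRICTED = {
    "shmat", "kill", "ptrace", "capget", "setpgid", "getpgid", "getsid",
    "fcntl", "mount", "pivot_root", "chroot", "fchdir", "chmod", "fchmod",
    "fchmodat", "mknod", "mknodat", "_sysctl", "setpriority", "connect",
}

# One completed call per line, e.g. '4242 kill(1, SIGTERM) = -1 EPERM (...)'.
# '<unfinished ...>' and '<... resumed>' fragments are skipped.
CALL = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\(.*\)\s+=\s+\S+(?:\s+(E[A-Z0-9]+))?"
)

def summarize(lines, top=5):
    """Rank (syscall, result) pairs by count; result is an errno name or 'ok'."""
    counts = Counter()
    for line in lines:
        m = CALL.match(line)
        if m:
            counts[(m.group(1), m.group(2) or "ok")] += 1
    return [
        (name, result, n, result != "ok" and name in CHROOT_RESTRICTED)
        for (name, result), n in counts.most_common(top)
    ]

# Constructed sample, not the poster's trace: one setup call, then a retry loop.
SAMPLE = (
    ['4242 open("config.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3']
    + [
        '4242 mknod("/dev/null", S_IFCHR|0666, makedev(1, 3)) = -1 EPERM (Operation not permitted)',
        '4242 stat("/dev/null", 0x7ffd1c2a3b40) = -1 ENOENT (No such file or directory)',
    ] * 299
    + ['4242 mknod("/dev/null", S_IFCHR|0666, makedev(1, 3)) = -1 EPERM (Operation not permitted)']
)

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for name, result, n, suspect in summarize(source):
        flag = "  <- in the chroot restriction list" if suspect else ""
        print(f"{n:8d}  {name:<12} {result}{flag}")
```

Run it with the trace file as the only argument; with no argument it prints the summary for the constructed sample.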