Talk:Running glibc programs: Difference between revisions

From Alpine Linux
No edit summary
m (Unsigned comment attribution.)
 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Please add the following if pertinent:
https://github.com/sgerrand/alpine-pkg-glibc/


<small><span class="autosigned">—&nbsp;Preceding [[Help:Signature|unsigned]] comment added by [[User:Mekineer|Mekineer]] ([[User talk:Mekineer|{{int:talkpagelinktext}}]] • [[Special:Contributions/Mekineer|{{int:contribslink}}]]) 11:04, 26 February 2024‎</span></small>
----


I thought about the MegaCli wrapper.
I thought about the MegaCli wrapper.
Line 13: Line 17:




this is my /usr/bin/MegaCli now, using a minimal Debian install in /debian.


Wrapper version:
<nowiki>
 
 
"""localhost:/usr/bin# cat MegaCli
#!/bin/bash
#!/bin/bash




KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \
KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod \
kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \
kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \
kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \
kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount \
kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \
kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix \
kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \
kernel.grsecurity.chroot_restrict_nice"
kernel.grsecurity.chroot_restrict_nice"


Line 44: Line 49:
umount $CHROOT/proc
umount $CHROOT/proc
umount $CHROOT/dev
umount $CHROOT/dev
umount $CHROOT/sys
umount $CHROOT/sys</nowiki>
"""
 
<small><span class="autosigned">—&nbsp;Preceding [[Help:Signature|unsigned]] comment added by [[User:Darkfader|Darkfader]] ([[User talk:Darkfader|{{int:talkpagelinktext}}]] • [[Special:Contributions/Darkfader|{{int:contribslink}}]]) 15:32, 11 July 2014‎</span></small>
 
----
 
If you know how to relax grsecurity without using vanilla on Gentoo to allow PAM to not trigger a postinst error, you should edit the Gentoo section.
 
<small><span class="autosigned">—&nbsp;Preceding [[Help:Signature|unsigned]] comment added by [[User:Orson Teodoro|Orson Teodoro]] ([[User talk:Orson Teodoro|{{int:talkpagelinktext}}]] • [[Special:Contributions/Orson Teodoro|{{int:contribslink}}]]) 13:12, 3 February 2018‎</span></small>

Latest revision as of 06:29, 29 February 2024

Please add the following if pertinent: https://github.com/sgerrand/alpine-pkg-glibc/

— Preceding unsigned comment added by Mekineer (talkcontribs) 11:04, 26 February 2024‎


I thought about the MegaCli wrapper. It should be possible to make it read the name it was called by and then launch the respective program (i.e. symlink any to-be-wrapped command to /var/lib/glibcstuff ...)

that way you get along with one wrapper script and symlinks to it in /usr/bin.

Another thing I couldnt figure is if it's important to use all 32bit versions?

And the download links for archlinux are not working because they forward wget to an https url. maybe this is some limitation in the default wget version. If i figure it out i'll do updates on this.


this is my /usr/bin/MegaCli now, using a minimal Debian install in /debian.

#!/bin/bash


KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod \
kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \
kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount \
kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \
kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix \
kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \
kernel.grsecurity.chroot_restrict_nice"

for key in $KEYS ; do
   sysctl -w ${key}=0 1>/dev/null
done


export CHROOT=/debian
user=$(whoami)
if [ "$user" != "root" ];then
echo "This script needs root access"
exit
fi
mount -t proc proc $CHROOT/proc/
mount --bind /dev/ $CHROOT/dev/
mount --bind /sys/ $CHROOT/sys/
#we may need dev and maybe proc too to use this program
chroot $CHROOT /opt/MegaRAID/MegaCli/MegaCli $@
umount $CHROOT/proc
umount $CHROOT/dev
umount $CHROOT/sys

— Preceding unsigned comment added by Darkfader (talkcontribs) 15:32, 11 July 2014‎


If you know how to relax grsecurity without using vanilla on Gentoo to allow PAM to not trigger a postinst error, you should edit the Gentoo section.

— Preceding unsigned comment added by Orson Teodoro (talkcontribs) 13:12, 3 February 2018‎