Talk:Running glibc programs: Difference between revisions
No edit summary |
m (Unsigned comment attribution.) |
||
(10 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
Please add the following if pertinent: | |||
https://github.com/sgerrand/alpine-pkg-glibc/ | |||
<small><span class="autosigned">— Preceding [[Help:Signature|unsigned]] comment added by [[User:Mekineer|Mekineer]] ([[User talk:Mekineer|{{int:talkpagelinktext}}]] • [[Special:Contributions/Mekineer|{{int:contribslink}}]]) 11:04, 26 February 2024</span></small> | |||
---- | |||
I thought about the MegaCli wrapper. | I thought about the MegaCli wrapper. | ||
Line 13: | Line 17: | ||
this is my /usr/bin/MegaCli now, using a minimal Debian install in /debian. | |||
<nowiki> | |||
#!/bin/bash | #!/bin/bash | ||
KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \ | KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod \ | ||
kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \ | kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \ | ||
kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \ | kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount \ | ||
kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \ | |||
kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix \ | |||
kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \ | |||
kernel.grsecurity.chroot_restrict_nice" | kernel.grsecurity.chroot_restrict_nice" | ||
Line 44: | Line 49: | ||
umount $CHROOT/proc | umount $CHROOT/proc | ||
umount $CHROOT/dev | umount $CHROOT/dev | ||
umount $CHROOT/sys | umount $CHROOT/sys</nowiki> | ||
""" | |||
<small><span class="autosigned">— Preceding [[Help:Signature|unsigned]] comment added by [[User:Darkfader|Darkfader]] ([[User talk:Darkfader|{{int:talkpagelinktext}}]] • [[Special:Contributions/Darkfader|{{int:contribslink}}]]) 15:32, 11 July 2014</span></small> | |||
---- | |||
If you know how to relax grsecurity without using vanilla on Gentoo to allow PAM to not trigger a postinst error, you should edit the Gentoo section. | |||
<small><span class="autosigned">— Preceding [[Help:Signature|unsigned]] comment added by [[User:Orson Teodoro|Orson Teodoro]] ([[User talk:Orson Teodoro|{{int:talkpagelinktext}}]] • [[Special:Contributions/Orson Teodoro|{{int:contribslink}}]]) 13:12, 3 February 2018</span></small> |
Latest revision as of 06:29, 29 February 2024
Please add the following if pertinent: https://github.com/sgerrand/alpine-pkg-glibc/
— Preceding unsigned comment added by Mekineer (talk • contribs) 11:04, 26 February 2024
I thought about the MegaCli wrapper. It should be possible to make it read the name it was called by and then launch the respective program (i.e. symlink any to-be-wrapped command to /var/lib/glibcstuff ...)
that way you get along with one wrapper script and symlinks to it in /usr/bin.
Another thing I couldnt figure is if it's important to use all 32bit versions?
And the download links for archlinux are not working because they forward wget to an https url. maybe this is some limitation in the default wget version. If i figure it out i'll do updates on this.
this is my /usr/bin/MegaCli now, using a minimal Debian install in /debian.
#!/bin/bash KEYS="kernel.grsecurity.chroot_caps kernel.grsecurity.chroot_deny_chmod \ kernel.grsecurity.chroot_deny_chroot kernel.grsecurity.chroot_deny_fchdir \ kernel.grsecurity.chroot_deny_mknod kernel.grsecurity.chroot_deny_mount \ kernel.grsecurity.chroot_deny_pivot kernel.grsecurity.chroot_deny_shmat \ kernel.grsecurity.chroot_deny_sysctl kernel.grsecurity.chroot_deny_unix \ kernel.grsecurity.chroot_enforce_chdir kernel.grsecurity.chroot_findtask \ kernel.grsecurity.chroot_restrict_nice" for key in $KEYS ; do sysctl -w ${key}=0 1>/dev/null done export CHROOT=/debian user=$(whoami) if [ "$user" != "root" ];then echo "This script needs root access" exit fi mount -t proc proc $CHROOT/proc/ mount --bind /dev/ $CHROOT/dev/ mount --bind /sys/ $CHROOT/sys/ #we may need dev and maybe proc too to use this program chroot $CHROOT /opt/MegaRAID/MegaCli/MegaCli $@ umount $CHROOT/proc umount $CHROOT/dev umount $CHROOT/sys
— Preceding unsigned comment added by Darkfader (talk • contribs) 15:32, 11 July 2014
If you know how to relax grsecurity without using vanilla on Gentoo to allow PAM to not trigger a postinst error, you should edit the Gentoo section.
— Preceding unsigned comment added by Orson Teodoro (talk • contribs) 13:12, 3 February 2018