SharkyUA
05-11-2014, 17:36
Good day!
I need to build a chroot environment with a minimal set of libraries for running certain tasks using screen.
Size is very important, since this environment will be copied for each user separately.
Alternatives for "jailing" processes that would suit this use are also welcome.
I have copied all the dependencies (according to ldd and strace).
I mounted proc, /dev/null, /dev/tty, /dev/pts (mount -t devpts none /chroot/dev/pts -o ptmxmode=0666).
I also made a link /dev/pts/ptmx > /dev/ptmx.
On launch:
$ screen
Cannot find terminfo entry for 'screen'.
I enter the chroot with --userspec=1001:1001. If I enter without setting the uid and gid, the error is the same.
jail:root:root:755
jail/bin:root:root:755
jail/bin/ls:root:root:755
jail/bin/cp:root:root:755
jail/bin/sh:root:root:755
jail/bin/cat:root:root:755
jail/bin/sleep:root:root:755
jail/bin/date:root:root:755
jail/bin/strace:root:root:755
jail/bin/ldd:root:root:755
jail/bin/bash:root:root:755
jail/bin/rm:root:root:755
jail/bin/screen:root:root:755
jail/bin/ltrace:root:root:755
jail/home:root:root:755
jail/root:root:root:755
jail/root/.bashrc:root:root:777
jail/tmp:root:root:777
jail/etc:root:root:755
jail/etc/terminfo:root:root:755
jail/etc/bash.bashrc:root:root:755
jail/etc/nsswitch.conf:root:root:755
jail/etc/screenrc:root:root:644
jail/etc/ld.so.cache:root:root:644
jail/etc/localtime:root:root:755
jail/lib:root:root:755
jail/lib/x86_64-linux-gnu:root:root:755
jail/lib/x86_64-linux-gnu/libncurses.so.5.9:root:root:644
jail/lib/x86_64-linux-gnu/libncurses.so.5:root:root:777
jail/lib/x86_64-linux-gnu/libnss_nisplus-2.13.so:root:root:644
jail/lib/x86_64-linux-gnu/libattr.so.1:root:root:755
jail/lib/x86_64-linux-gnu/librt.so.1:root:root:755
jail/lib/x86_64-linux-gnu/libnss_compat.so.2:root:root:644
jail/lib/x86_64-linux-gnu/libnss_hesiod-2.13.so:root:root:644
jail/lib/x86_64-linux-gnu/libtinfo.so.5:root:root:755
jail/lib/x86_64-linux-gnu/libacl.so.1:root:root:755
jail/lib/x86_64-linux-gnu/libnss_files-2.13.so:root:root:644
jail/lib/x86_64-linux-gnu/libnss_hesiod.so.2:root:root:777
jail/lib/x86_64-linux-gnu/libnss_nis.so.2:root:root:644
jail/lib/x86_64-linux-gnu/libcrypt.so.1:root:root:644
jail/lib/x86_64-linux-gnu/libnss_dns.so.2:root:root:755
jail/lib/x86_64-linux-gnu/libpthread.so.0:root:root:755
jail/lib/x86_64-linux-gnu/libnss_nis-2.13.so:root:root:644
jail/lib/x86_64-linux-gnu/libnss_files.so.2:root:root:777
jail/lib/x86_64-linux-gnu/libnss_nisplus.so.2:root:root:777
jail/lib/x86_64-linux-gnu/libselinux.so.1:root:root:755
jail/lib/x86_64-linux-gnu/libpam.so.0:root:root:644
jail/lib/x86_64-linux-gnu/libc.so.6:root:root:755
jail/lib/x86_64-linux-gnu/libdl.so.2:root:root:755
jail/lib/x86_64-linux-gnu/libutil.so.1:root:root:644
jail/lib/libnsl.so.1:root:root:644
jail/lib/ld-linux.so.2:root:root:755
jail/proc:root:root:755
jail/lib32:root:root:755
jail/lib32/libstdc++.so.6:root:root:755
jail/lib32/libgcc_s.so.1:root:root:755
jail/lib32/librt.so.1:root:root:755
jail/lib32/libm.so.6:root:root:755
jail/lib32/libnss_dns-2.13.so:root:root:755
jail/lib32/libpthread.so.0:root:root:755
jail/lib32/libc.so.6:root:root:755
jail/lib32/libdl.so.2:root:root:755
jail/dev:root:root:755
jail/dev/pts:root:root:755
jail/lib64:root:root:755
jail/lib64/ld-linux-x86-64.so.2:root:root:755
jail/data:root:root:755
jail/usr:root:root:755
jail/usr/lib:root:root:755
jail/usr/lib/x86_64-linux-gnu:root:root:755
jail/usr/lib/x86_64-linux-gnu/libmenu.so.5.9:root:root:644
jail/usr/lib/x86_64-linux-gnu/libform.so.5.9:root:root:644
jail/usr/lib/x86_64-linux-gnu/libform.so.5:root:root:777
jail/usr/lib/x86_64-linux-gnu/libpanel.so.5:root:root:777
jail/usr/lib/x86_64-linux-gnu/libpanel.so.5.9:root:root:644
jail/usr/lib/x86_64-linux-gnu/libmenu.so.5:root:root:777
jail/usr/lib/libelf.so.0:root:root:755
jail/usr/lib32:root:root:755
jail/usr/lib32/libstdc++.so.6:root:root:755
jail/usr/lib32/libgcc_s.so.1:root:root:755
jail/usr/share:root:root:755
jail/usr/share/terminfo:root:root:755
jail/usr/share/terminfo/s:root:root:755
jail/usr/share/terminfo/s/screen-bce.mrxvt:root:root:644
jail/usr/share/terminfo/s/screen-16color-bce:root:root:644
jail/usr/share/terminfo/s/screen.mrxvt:root:root:644
jail/usr/share/terminfo/s/screen-16color-s:root:root:644
jail/usr/share/terminfo/s/screen.konsole:root:root:644
jail/usr/share/terminfo/s/screen-256color-s:root:root:644
jail/usr/share/terminfo/s/screen-bce.xterm-new:root:root:644
jail/usr/share/terminfo/s/screen-bce.mlterm:root:root:644
jail/usr/share/terminfo/s/screen-bce.rxvt:root:root:644
jail/usr/share/terminfo/s/screen-16color-bce-s:root:root:644
jail/usr/share/terminfo/s/screen3:root:root:644
jail/usr/share/terminfo/s/screen.xterm-new:root:root:777
jail/usr/share/terminfo/s/screen-16color:root:root:644
jail/usr/share/terminfo/s/screen.Eterm:root:root:644
jail/usr/share/terminfo/s/screen.xterm-r6:root:root:644
jail/usr/share/terminfo/s/screen.vte:root:root:644
jail/usr/share/terminfo/s/screen+fkeys:root:root:644
jail/usr/share/terminfo/s/screen.xterm-xfree86:root:root:644
jail/usr/share/terminfo/s/screen.rxvt:root:root:644
jail/usr/share/terminfo/s/screen.teraterm:root:root:644
jail/usr/share/terminfo/s/screen-256color-bce-s:root:root:644
jail/usr/share/terminfo/s/screen2:root:root:644
jail/usr/share/terminfo/s/screen.gnome:root:root:644
jail/usr/share/terminfo/s/screen-bce.Eterm:root:root:644
jail/usr/share/terminfo/s/screen.mlterm:root:root:644
jail/usr/share/terminfo/s/screen-bce.linux:root:root:644
jail/usr/share/terminfo/s/screen-bce.konsole:root:root:644
jail/usr/share/terminfo/s/screen.linux:root:root:644
jail/usr/share/terminfo/s/screen-bce.gnome:root:root:644
jail/usr/share/screen:root:root:755
jail/usr/share/screen/utf8encodings:root:root:755
jail/usr/share/screen/utf8encodings/c6:root:root:644
jail/usr/share/screen/utf8encodings/04:root:root:644
jail/usr/share/screen/utf8encodings/cd:root:root:644
jail/usr/share/screen/utf8encodings/02:root:root:644
jail/usr/share/screen/utf8encodings/c7:root:root:644
jail/usr/share/screen/utf8encodings/19:root:root:644
jail/usr/share/screen/utf8encodings/c8:root:root:644
jail/usr/share/screen/utf8encodings/03:root:root:644
jail/usr/share/screen/utf8encodings/a1:root:root:644
jail/usr/share/screen/utf8encodings/c4:root:root:644
jail/usr/share/screen/utf8encodings/01:root:root:644
jail/usr/share/screen/utf8encodings/18:root:root:644
jail/usr/share/screen/utf8encodings/bf:root:root:644
jail/usr/share/screen/utf8encodings/c2:root:root:644
jail/usr/share/screen/utf8encodings/cc:root:root:644
jail/usr/share/screen/utf8encodings/d6:root:root:644
jail/usr/share/screen/utf8encodings/c3:root:root:644
jail/var:root:root:755
jail/var/run:root:root:777
jail/var/run/utmp:root:root:777
jail/var/run/screen:root:root:755
Solution
I also needed to copy /lib/terminfo/*
And how would you advise setting up a sandbox for processes?
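
The listing above contains only screen-* variants under /usr/share/terminfo/s and no plain "screen" entry, which is what the error message reports. The script below is an added example, not part of the original post: it looks up a terminfo entry inside a chroot tree from the host side. The function name find_terminfo, the Debian-style search order and the sample tree are assumptions; $TERMINFO and ~/.terminfo are not checked.

```sh
#!/bin/sh
# Added example, not from the original post. Checks from the host side
# whether a terminfo entry can be found inside a chroot tree.

# Assumption: Debian-style ncurses search order.
TERMINFO_DIRS="/etc/terminfo /lib/terminfo /usr/share/terminfo"

# find_terminfo JAIL TERM
# Prints the in-jail path of the entry. Returns 0 if it is readable by
# "other" (files are root-owned, the jail is entered as another uid),
# 2 if it exists only with "other" read permission missing, 1 if absent.
find_terminfo() {
    jail=${1%/}; term=$2; blocked=
    letter=${term%"${term#?}"}            # entries live under <first letter>/
    for dir in $TERMINFO_DIRS; do
        shown="$dir/$letter/$term"; entry="$jail$shown"
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ -L "$entry" ]; then
            # Resolve one symlink level against the jail root, not the host's.
            target=$(readlink "$entry")
            case $target in
                /*) entry="$jail$target" ;;
                *)  entry="$(dirname "$entry")/$target" ;;
            esac
            [ -e "$entry" ] || continue
        fi
        if [ -n "$(find "$entry" -prune -perm -0004)" ]; then
            printf '%s\n' "$shown"; return 0
        fi
        blocked=$shown
    done
    if [ -n "$blocked" ]; then printf '%s\n' "$blocked"; return 2; fi
    return 1
}

# Constructed sample: screen-* variants under /usr/share/terminfo but no
# plain "screen" entry, then the same tree with /lib/terminfo/s/screen added.
demo() {
    j=$(mktemp -d)
    mkdir -p "$j/usr/share/terminfo/s" "$j/lib/terminfo/s"
    : > "$j/usr/share/terminfo/s/screen-bce.linux"
    find_terminfo "$j" screen || echo "screen: no entry (status $?)"
    : > "$j/lib/terminfo/s/screen"; chmod 644 "$j/lib/terminfo/s/screen"
    find_terminfo "$j" screen
    rm -rf "$j"
}
demo
```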