Re: [Crossplex-dev] mknod without sudo prviledges

[David Wuertele]

On Thu, Mar 4, 2010 at 9:43 AM, Michael McElroy <address@hidden> wrote:
> I built the example on my Ubuntu system. The build stopped and asked for a
> password with making device nodes. OK, I can fix that on my home system but
> at work, can't do it. My work system just terminates the build when trying
> to run mknod. I've read about using a chroot jail or a utility called
> makedev. How do other people handle this.

I don't believe the kernel will allow device node creation by a
non-root user even in a chroot jail.  The problem is that if you can
create your own device, you can create it with any permissions you
want, and that gives a way to bypass normal device permissions.
However, you may be able to fake the creation of a device node.  I
believe the fakeroot program could work for this, but I haven't tried
it yet.  It will take some experimentation to integrate fakeroot with
crossplex, but that is on my to-do list.  One issue is that any
command that expects to find the device node must be run in the
fakeroot environment.

If you have time to experiment, you could install fakeroot, and run
the crossplex make inside of fakeroot.  Crossplex will still try to
use "sudo" unless you remove it.  You can easily remove it by editing
lines 103-112 in crossplex-0.10.0/lib/targetfs.mk.

If someone can show me how to actually create real devices like "sudo
mknod -m 600 console c 5 1" without the sudo, I will change crossplex
to do it that way.

I know that at least for the construction of initramfs filesystems
built into the Linux kernel, it is possible to create a device
description without creating the devices themselves.  I might add that
functionality to crossplex as an optimization.  However, this does not
solve the problem of creating nodes on the local host for export as an
NFS filesystem, or other deployment modes that don't have the
meta-device option.

Dave