Re: [Crossplex-dev] mknod without sudo privileges

From: Michael McElroy
Subject: Re: [Crossplex-dev] mknod without sudo privileges
Date: Thu, 4 Mar 2010 22:46:03 -0500

Dave,

On my home system. Did a build of your example and built an iso. So tonight I was trying to see what would happen if I touched one of the patch files. The build after that bombed. It was trying to do a mkdir and couldn't. Checking showed that $(HOME) was missing from the path name. Tried to do some debugging but it was getting too late to go any further. Attached is my log file with some debug stuff I put in. You can see that it was working ok and something caused the path to drop the $(HOME) part.

Mike

On Thu, Mar 4, 2010 at 3:59 PM, Michael McElroy <address@hidden> wrote:
Dave,

What you said helped me figure out why I couldn't make a node. All our filesystems are NFS exports. If I go to some local directory on the system it works. Wonder if this is a settable permission in NFS.

Mike


On Thu, Mar 4, 2010 at 3:33 PM, David Wuertele <address@hidden> wrote:
If fakeroot causes problems with building binaries (I guess you mean
compiling source into executables), then it would not be a good
strategy to run crossplex inside a fakeroot shell!  Maybe the warning
is too conservative, it is certainly worth testing.

But what about the case where you want to create device nodes on an
NFS exported filesystem?

I'm starting to think that Crossplex should have some kind of a switch
enabling sudo for situations like NFS, but in the common case device
files can be created on an initramfs using device description files
during the kernel build, or they can be created on a tmpfs after boot
via udev.

Dave

On Thu, Mar 4, 2010 at 12:26 PM, Michael McElroy <address@hidden> wrote:
> Hi Dave,
>
> I have been fooling around with fakeroot today. It's strange. If I kick
> off a shell in fakeroot, I can create the nodes and archive them. The
> results in the real filesystem will be files. The fakeroot man page advises
> against building binaries under it. I'll look at the crossplex files and see
> what I can do.
>
> Here's an example:
>
> cd ~/testfiles; fakeroot -- /bin/bash -c "mknod xxx c 1 2;tar cf /home/mike/test.tar ."
>
> or
>
> cd ~/testfiles; fakeroot -- /bin/bash -c "/bin/bash cmdlist;tar cf /home/mike/test.tar ."
>
>
> Mike
>
>
> On Thu, Mar 4, 2010 at 2:53 PM, David Wuertele <address@hidden> wrote:
>>
>> On Thu, Mar 4, 2010 at 9:43 AM, Michael McElroy <address@hidden> wrote:
>> > I built the example on my Ubuntu system. The build stopped and asked for a
>> > password with making device nodes. OK, I can fix that on my home system but
>> > at work, can't do it. My work system just terminates the build when trying
>> > to run mknod. I've read about using a chroot jail or a utility called
>> > makedev. How do other people handle this?
>>
>> I don't believe the kernel will allow device node creation by a
>> non-root user even in a chroot jail.  The problem is that if you can
>> create your own device, you can create it with any permissions you
>> want, and that gives a way to bypass normal device permissions.
>> However, you may be able to fake the creation of a device node.  I
>> believe the fakeroot program could work for this, but I haven't tried
>> it yet.  It will take some experimentation to integrate fakeroot with
>> crossplex, but that is on my to-do list.  One issue is that any
>> command that expects to find the device node must be run in the
>> fakeroot environment.
>>
>> If you have time to experiment, you could install fakeroot, and run
>> the crossplex make inside of fakeroot.  Crossplex will still try to
>> use "sudo" unless you remove it.  You can easily remove it by editing
>> lines 103-112 in crossplex-0.10.0/lib/targetfs.mk.
>>
>> If someone can show me how to actually create real devices like "sudo
>> mknod -m 600 console c 5 1" without the sudo, I will change crossplex
>> to do it that way.
>>
>> I know that at least for the construction of initramfs filesystems
>> built into the Linux kernel, it is possible to create a device
>> description without creating the devices themselves.  I might add that
>> functionality to crossplex as an optimization.  However, this does not
>> solve the problem of creating nodes on the local host for export as an
>> NFS filesystem, or other deployment modes that don't have the
>> meta-device option.
>>
>> Dave
>
>


Attachment: log
Description: Binary data
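
Dave's request in the thread above (device entries such as "console c 5 1" with mode 600, created without sudo) and Mike's fakeroot-plus-tar experiment both amount to recording device metadata in an archive rather than on the build host's filesystem. The following is an added example, not part of the thread and not crossplex code: it writes device-node headers directly into a tar archive as an unprivileged user. The table format, the sample entries and the function names are assumptions made for illustration.

```python
import io
import tarfile

# Constructed sample table (hypothetical format): name, c|b, major, minor, octal mode.
DEVICE_TABLE = """\
dev/console c 5 1 600
dev/null    c 1 3 666   # world-writable on purpose
dev/sda     b 8 0 660
"""

def parse_device_table(text):
    """Yield (name, kind, major, minor, mode) for each non-empty table line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[1] not in ("c", "b"):
            raise ValueError(f"line {lineno}: expected 'name c|b major minor mode'")
        name, kind, major, minor, mode = fields
        yield name, kind, int(major), int(minor), int(mode, 8)

def build_device_tar(table_text):
    """Return tar bytes holding one device-node header per table entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, kind, major, minor, mode in parse_device_table(table_text):
            info = tarfile.TarInfo(name)
            info.type = tarfile.CHRTYPE if kind == "c" else tarfile.BLKTYPE
            info.devmajor, info.devminor = major, minor
            info.mode = mode
            info.uid = info.gid = 0               # root-owned inside the archive
            info.uname = info.gname = "root"
            tar.addfile(info)                     # header only; no mknod, no sudo
    return buf.getvalue()

def list_devices(tar_bytes):
    """Read the archive back and report the device entries it contains."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, "c" if m.ischr() else "b", m.devmajor, m.devminor,
                 oct(m.mode)) for m in tar.getmembers() if m.isdev()]

if __name__ == "__main__":
    for entry in list_devices(build_device_tar(DEVICE_TABLE)):
        print(entry)
```

The device nodes only come into existence when the archive is unpacked by root on the target; the build itself never calls mknod or sudo.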
