Obtaining access to file in chroot environment from usual root...
Hi,
I'm facing a problem with access to an iso file in chroot environment from my usual root (/) env..
Within the chroot environment I have an iso file placed... In my program I need to access this iso file and perform mount and other operations.. But I can't do this in the chroot environment as I have only basic commands here (ls,cp etc.. and no mount)
So how can I access this iso file from my program ? Is there something like a file-descriptor which I can associate with the file, exit from the chroot env and access the file via this fd ?
You should try to mount the isofile before chrooting. This should afaik work.
Markus
Hi Markus,
Thanks for your response.. But my query was how can I access this isofile from my program ? I need to pass this as an arg to mount cmd right, so how do I access this file from my normal env ? I am guessing I shouldn't just append my chroot env dir manually and access the iso file.. Am I wrong here ?
Use losetup to associate the file to a device, then mount that device. You can do some neat tricks with losetup - if you assign a device as above you can even mount something over its parent path and the device will still be available. Here's a little script I banged together to demonstrate to someone a long time ago:
Code:
#!/bin/bash
# this script demonstrates how to access devices or files which are located
# somewhere that has been mounted later
# Just run './mount-tricks' to run the demo
# run './mount-tricks undo' to clean up mounts and loop device
if [[ $1 = undo ]] ; then
    umount /mnt/test2
    #umount /mnt/test1
    umount /dev/loop0
    losetup -d /dev/loop0
    rm -rf /mnt/test1 /mnt/test2 /mnt/looptest
    exit
fi
# create 3 mount points
echo "Creating /mnt/looptest /mnt/test1 /mnt/test2"
mkdir -p /mnt/looptest /mnt/test1 /mnt/test2
# make a small partition image to test with
echo "Creating a small partition image"
dd if=/dev/zero of=/mnt/test1/test.img bs=1k count=5120
echo "Formatting partition image"
echo y | mke2fs /mnt/test1/test.img
echo
echo
# associate the test image with loop0
echo "Setting up /mnt/test1/test.img on loop device /dev/loop0"
losetup /dev/loop0 /mnt/test1/test.img
# mount the loop device on /mnt/looptest
echo "Mounting the loop device on /mnt/looptest"
mount -t ext2 /dev/loop0 /mnt/looptest
# copy some stuff in there
echo "Now creating a couple of test files /mnt/looptest/testfile1 & /mnt/looptest/testfile2"
echo testme > /mnt/looptest/testfile1
echo testmetoo > /mnt/looptest/testfile2
echo
# show the output
echo "ls /mnt/test1: (directory where the test.img is located)"
ls /mnt/test1
echo "ls /mnt/looptest: (directory where the test.img is loop mounted)"
ls /mnt/looptest
echo "contents of /mnt/looptest/testfile1:"
cat /mnt/looptest/testfile1
echo "contents of /mnt/looptest/testfile2:"
cat /mnt/looptest/testfile2
echo "Press ENTER to continue"
read
echo =====
# now mount with bind
echo "mounting /mnt/test1 using bind on /mnt/test2"
mount --bind /mnt/test1 /mnt/test2
echo "ls /mnt/test1:"
ls /mnt/test1
echo "ls /mnt/test2:"
ls /mnt/test2
echo "Here /mnt/test2 mirrors the contents of /mnt/test1"
echo "Press ENTER to continue"
read
#
echo "now mounting /mnt/test1 on tmpfs"
mount -t tmpfs tmpfs /mnt/test1
echo "ls /mnt/test1:"
ls /mnt/test1
echo "ls /mnt/test2:"
ls /mnt/test2
echo "ls /mnt/looptest:"
ls /mnt/looptest
echo "Now, when /mnt/test1 is mounted on tmpfs"
echo "the contents disappear there, but not in /mnt/test2"
echo "and the contents in the loop device are also still there"
echo "Press ENTER to continue"
read
echo =====
echo "Now creating a file under /mnt/test1 which is mounted on tmpfs"
echo testme3 > /mnt/test1/testfile3
echo "ls /mnt/test1:"
ls /mnt/test1
echo "ls /mnt/test2:"
ls /mnt/test2
echo "ls /mnt/looptest:"
ls /mnt/looptest
echo =====
echo "Now unmounting tmpfs"
umount /mnt/test1
echo "ls /mnt/test1:"
ls /mnt/test1
echo "ls /mnt/test2:"
ls /mnt/test2
echo "ls /mnt/looptest:"
ls /mnt/looptest
echo "After unmounting /mnt/test1 from tmpfs"
echo "The original contents are visible again,"
echo "and what was written there while mounted tmpfs is gone"
#mount -t tmpfs tmpfs /mnt/loop
mh, I do not really understand what you're doing, could you please provide more information? Please give us an overview about your program and your requirements.
Markus
Ok.. So I have this limited environment where I expose only basic cmds (ls,cp etc) and basic dirs [/home , /random ] for an unprivileged user on login..
- /random is a common dir shared by all users, where they are free to keep large files. One such case is when one wishes to keep an iso image here.
- This limited env is my chrooted env
- Now the unprivileged user calls a prog to install the iso..The iso will be given as input to the program as
/random/<image>.iso
- This program will run with root privilege.. In this program I would like to access the iso image to perform mount and other operations.. But the user has given the input from the "chroot"-ed env point of view..(/random/<image>.iso where / is /usr/tmp)... So when my program runs from a normal root env, how can I access the iso image (which is in the chroot env) ? Just appending /usr/tmp to what the user has given as input(/random/<image>.iso) seems like a trivial soln and I feel this isn't how a file in chrooted env should be accessed...
Hope that was clear.. Please let me know otherwise, will try to provide another eg..
Before calling chroot, create a fifo that's available in e.g. /random of the chroot environment. Make sure this can only be written to by the users that can run your program, and make it unreadable.
Run a root script that waits for input from this fifo as a daemon. Since it's root, it will be able to read from the fifo.
When input is received from the fifo, have the script execute the program with the appropriate options, possibly derived from the fifo input.
Within the chroot environment, have a script (to be called by the user) that sends the appropriate information to the fifo. The program will then be run as root in the real environment.
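The root-side reader for the fifo hand-off described in the post above, as an added example that is not code from the thread. The one-path-per-line request format, the function names and the handler argument are assumptions; the point is that whatever arrives on the fifo is untrusted input to a root process and is validated before anything acts on it.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed protocol: one request per line,
# each line a chroot-relative ISO path such as /random/image.iso.

# Create the request fifo. In production it would be owned by root with the
# group of permitted users and mode 0220: writable by them, readable by
# nobody (root ignores the mode bits and can still read it).
make_request_fifo() {    # usage: make_request_fifo PATH MODE
    [ -p "$1" ] || mkfifo -m "$2" "$1"
}

# Accept only /random/<name>.iso where <name> is a single path component
# from a conservative character set. Slashes, leading dots or dashes,
# whitespace and shell metacharacters are all refused.
valid_request() {
    case $1 in
        /random/*.iso) ;;
        *) return 1 ;;
    esac
    case ${1#/random/} in
        .*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Read requests until every writer has closed the fifo. A line is only ever
# data: it is never eval'ed or word-split, and reaches the handler as one
# quoted argument. A daemon would call this in an endless loop.
serve_requests() {       # usage: serve_requests FIFO HANDLER
    local line
    while IFS= read -r line; do
        if valid_request "$line"; then
            # stdin is detached so the handler cannot swallow later requests
            "$2" "$line" </dev/null
        else
            echo "rejected malformed request" >&2
        fi
    done < "$1"
}
```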
Quote:
Originally Posted by acc_Wk
Just appending /usr/tmp to what the user has given as input(/random/<image>.iso) seems like a trivial soln and I feel this isn't how a file in chrooted env should be accessed...
You could mount --bind /usr/tmp/random /random in the normal environment. This would require that the ISO be in /usr/tmp/random, though. In general, you should just be prepending /usr/tmp to the filenames, otherwise the chrooted users will have indirect access to the root filesystem. In this case it doesn't seem like that big of a deal, though.
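Prepending the chroot directory is only safe if the result is checked to still lie inside the chroot, since `..` components or a symlink placed in /random can point elsewhere on the host. One way to do that check, as an added example that is not code from the thread (the function name is made up; `realpath` from coreutils is assumed to be installed):

```bash
#!/bin/bash
# Added example, not from the thread. CHROOT_DIR is the directory the users
# are chrooted into (/usr/tmp in this thread); the function name is made up.

# Print the host path for USER_PATH (a path as seen inside the chroot), or
# fail if it is missing, not a regular file, or resolves outside CHROOT_DIR.
host_path_in_chroot() {    # usage: host_path_in_chroot CHROOT_DIR USER_PATH
    local root real
    root=$(realpath "$1" 2>/dev/null) || return 1
    # Prepend the chroot directory, then let realpath collapse ".." and
    # follow symlinks, so the test below sees the file that would really be
    # opened. The argument always starts with "/", so it cannot be taken
    # for an option.
    real=$(realpath "$root/$2" 2>/dev/null) || return 1
    # Containment: the trailing "/" in the pattern stops /usr/tmp from
    # matching a sibling such as /usr/tmpfoo. An absolute symlink planted
    # inside the chroot resolves against the host root here, lands outside
    # the tree and is refused.
    case $real in
        "$root"/*) ;;
        *) return 1 ;;
    esac
    # Directories, device nodes and fifos are not images.
    [ -f "$real" ] || return 1
    printf '%s\n' "$real"
}
```

Because /random is writable by the users, the file can still be swapped between this check and the mount, so the check narrows the problem rather than closing it. When mounting a user-supplied image, `-o loop,ro,nosuid,nodev` keeps setuid binaries and device nodes inside it inert.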
Quote:
Originally Posted by acc_Wk
- Now the unprivileged user calls a prog to install the iso..The iso will be given as input to the program as
/random/<image>.iso
- This program will run with root privilege.. In this program I would like to access the iso image to perform mount and other operations.. But the user has given the input from the "chroot"-ed env point of view..(/random/<image>.iso where / is /usr/tmp)... So when my program runs from a normal root env, how can I access the iso image (which is in the chroot env) ? Just appending /usr/tmp to what the user has given as input(/random/<image>.iso) seems like a trivial soln and I feel this isn't how a file in chrooted env should be accessed...
These two things sound inconsistent with each other. This process was what I thought I was providing a solution for above.
Kevin Barry