Running xinetd in chroot jail

santosh0705 · 10-09-2013, 03:54 AM

I'm running an application in chroot jail environment. Now I need to run tftpd inside it. My doubt is can I run xinetd inside chroot jail? my host Linux system is already running an instance of xinetd.

Your valuable inputs are highly appreciated.

Keith Hedger · 10-09-2013, 07:22 AM

When I want to run an X application from chroot I use:

Code:

xhost +

From the host and chroot using this script in the root directory of the chroot ( you may want to tweak it )

Code:

#!/bin/bash -e

LFS=$(pwd)
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys

if [ -h $LFS/dev/shm ];then
	link=$(readlink $LFS/dev/shm)
	mkdir -p $LFS/$link
	mount -vt tmpfs shm $LFS/$link
	unset link
else
	mount -vt tmpfs shm $LFS/dev/shm
fi

chroot "$LFS" /usr/bin/env -i HOME=/root TERM="$TERM" PS1='\u:\w\$ ' PATH=/bin:/usr/bin:/sbin:/usr/sbin /bin/bash --login

end then inside choot run

Code:

export DISPLAY=192.168.1.177:0
xterm

Obviously change your IP etc to suit your own situation.

jpollard · 10-09-2013, 07:47 AM

Quote:

Originally Posted by santosh0705

I'm running an application in chroot jail environment. Now I need to run tftpd inside it. My doubt is can I run xinetd inside chroot jail? my host Linux system is already running an instance of xinetd.

Why would you need to run xinetd in the jail?

Just run the tftpd server. The only function xinetd provides is a bit of memory optimization by not running services all the time - it only runs the one being requested. If tftpd is the only service, then xinetd is not needed - just run tftpd.

chrism01 · 10-09-2013, 06:37 PM

Good advice from jpollard

@Keith Hedger: xinetd is not an X11 util; see http://www.linuxtopia.org/online_boo...rappers-xinetd

santosh0705 · 10-10-2013, 02:31 AM

@jpollard: thank you for your reply.

Actually my app is backed by Cobbler and I need Cobbler should manage the tftpd, Cobbler only manage the tftpd and its own python based tftp servers and both are using xinetd

I can run atftp server but Cobbler will not manage it

My host Linux OS is already running an instance of xinetd, just wanted to know can I run an another instance of xinetd inside chroot?

Keith Hedger · 10-10-2013, 02:40 AM

Quote:

Originally Posted by chrism01

Good advice from jpollard

@Keith Hedger: xinetd is not an X11 util; see http://www.linuxtopia.org/online_boo...rappers-xinetd

I know xinitd is not an xapp I was pointing out an easier way to start an x app from chroot, rather than running a full blown X server, guess I should have said that in words of one syllable

jpollard · 10-10-2013, 04:24 AM

Quote:

Originally Posted by santosh0705

@jpollard: thank you for your reply.

Actually my app is backed by Cobbler and I need Cobbler should manage the tftpd, Cobbler only manage the tftpd and its own python based tftp servers and both are using xinetd

I can run atftp server but Cobbler will not manage it

My host Linux OS is already running an instance of xinetd, just wanted to know can I run an another instance of xinetd inside chroot?

From skimming the documentation on Cobbler (admittedly a quick one), it looks more like it would require a lot of modifications to work properly in a chroot jail. Cobbler doesn't look like it is designed for that (the number of required packages to be installed before it works is one indicator).

It would likely be easier to get it working in a VM.

santosh0705 · 10-10-2013, 04:27 AM

Quote:

Originally Posted by Keith Hedger

I know xinitd is not an xapp I was pointing out an easier way to start an x app from chroot, rather than running a full blown X server, guess I should have said that in words of one syllable

Hi Keith Hedger,
My required services are running fine in my chroot. so its not an issue of running app in chroot its all about running the xinetd service in chroot while the host OS simultaneously running one.

jpollard · 10-10-2013, 04:51 AM

Quote:

Originally Posted by santosh0705

Hi Keith Hedger,
My required services are running fine in my chroot. so its not an issue of running app in chroot its all about running the xinetd service in chroot while the host OS simultaneously running one.

The problem isn't "will it run", yes it will run.

The problem is complexity. Once both are running, which xinetd service is to be directed to reload its configuration? There are now two directory trees for managment - one in the chroot jail... External support gets more complicated - you end up having to either modify the external support... or put it into the jail as well. And based on looking at Cobbler, that could get complicated.