LinuxQuestions.org


fmillion 12-02-2010 04:48 PM

Running configure scripts inside chroot on Grsec kernel
 
Hello,

I seem unable to run any configure scripts (autoconf) inside a Chroot environment on a box with a Grsec kernel. The chroot environment is actually a full Linux LFS installation (which was compiled from the LFS LiveCD, which is not Grsec-enabled). Attempting to run configure produces no output whatsoever, and the process never responds or returns.

Strace output is hard to decipher for me, but it appears that it is looping somehow. (It won't let me attach the compressed bz2 file of the text, as uncompressed for only a 1 minute run it is over 8MB, but compresses down to 65KB, which indicates a lot of repetition.)

Is this a Grsec issue? Is there any resolution short of not using Grsec on the box in question or only compiling applications on other non-Grsec kernel systems? (Some packages I am compiling may need to be aware of Grsec...)

fm

slimm609 12-02-2010 09:51 PM

Chroot on grsecurity is locked down pretty tight. If you compile it outside of chroot it should work fine, but not inside of chroot on grsecurity.

Quote:

Chroot restrictions

No attaching shared memory outside of chroot
No kill outside of chroot
No ptrace outside of chroot (architecture independent)
No capget outside of chroot
No setpgid outside of chroot
No getpgid outside of chroot
No getsid outside of chroot
No sending of signals by fcntl outside of chroot
No viewing of any process outside of chroot, even if /proc is mounted
No mounting or remounting
No pivot_root
No double chroot
No fchdir out of chroot
Enforced chdir("/") upon chroot
No (f)chmod +s
No mknod
No sysctl writes
No raising of scheduler priority
No connecting to abstract unix domain sockets outside of chroot
Removal of harmful privileges via capabilities
Exec logging within chroot

fmillion 12-03-2010 10:24 AM

Ah, therein lies the problem. The problem is that the libc version inside the chroot is different than the one outside, so compiling outside on the host box will not work.

So far I've been successful at just keeping a copy of the chroot somewhere else (a non-grsec box) and using it to compile things there, then using DESTDIR to make a "package" to transfer the compiled files to the chroot. It does seem to be working.

So if we're pretty sure this is a Grsec issue, and it's by design, then I guess that's how it is. At least the system works at all LOL.

FM
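
The staging workflow described in the post above, sketched as an added example that is not part of the original thread: build on the non-grsec copy of the chroot, install into a DESTDIR staging tree, review it, then unpack it into the chroot from the grsec host. Function names, the `--prefix` value and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the --prefix value and
# all paths are assumptions; adapt them to the package being built.

# Build box (non-grsec), run inside the copy of the chroot: build the package
# and install it into a staging directory instead of the live root.
build_stage() {    # build_stage SRC_DIR STAGE_DIR
    src=$1; stage=$2
    # DESTDIR must be absolute: make changes directories during install.
    case $stage in /*) ;; *) echo "STAGE_DIR must be absolute" >&2; return 1 ;; esac
    mkdir -p "$stage" || return 1
    ( cd "$src" && ./configure --prefix=/usr && make &&
      make DESTDIR="$stage" install )
}

# List setuid/setgid files in the staged tree so they can be reviewed before
# they reach the chroot, where "(f)chmod +s" is denied.
list_setid() {     # list_setid STAGE_DIR
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print )
}

# Pack the staged tree with paths relative to the stage root ("./usr/bin/...").
pack_stage() {     # pack_stage STAGE_DIR PKG_TARBALL (absolute path)
    tar -C "$1" -cf "$2" .
}

# Grsec host, run from outside the chroot: unpack into the chroot's root dir.
install_pkg() {    # install_pkg PKG_TARBALL CHROOT_DIR
    [ -d "$2" ] || { echo "no such chroot dir: $2" >&2; return 1; }
    tar -C "$2" -xpf "$1"
}
```

Because the build runs against the chroot's own copy, the binaries link against the chroot's libc rather than the host's.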


All times are GMT -5.