LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-22-2018, 09:03 AM   #16
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,950

Rep: Reputation: Disabled

Quote:
Originally Posted by a4z View Post
fakeroot is, unfortunately, not part of Slackware and/or the Slackware philosophy, or whatever, there have been threads about this in the past.
however, if you have sudo rights, or you can su, than you a defacto admin, and not having everything in */sbin in you path is annoying anyway.
so extending you wheel group's users path is something that can be easy done, as installing fakeroot. without waiting for a change that will never come.
Another alternative is sandbox from gentoo which seems to work just fine with Slackware build scripts and sbopkg with a little configuration. As opposed to fakeroot it doesn't fake the root environment so much as it makes the user restricted from making changes to non-permissive paths as configured in /etc/sandbox.conf.

For example.
Code:
# sandbox touch /etc/foo
 * ACCESS DENIED:  open_wr:      /etc/foo
 * ACCESS DENIED:  utimensat:    /etc/foo
touch: cannot touch '/etc/foo': Permission denied
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/tmp/sandbox-12577.log"
 * 
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /etc/foo
A: /etc/foo
R: /etc/foo
C: touch /etc/foo 

F: utimensat
S: deny
P: /etc/foo
A: /etc/foo
R: /etc/foo
C: touch /etc/foo 
 * --------------------------------------------------------------------------------
I'll likely submit it to SBo sometime this week, but in the mean time my script is available here.

https://notabug.org/orbea/SlackBuild...system/sandbox

Last edited by orbea; 05-22-2018 at 09:06 AM.
 
1 members found this post helpful.
Old 05-22-2018, 09:23 AM   #17
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Blog Entries: 4

Rep: Reputation: Disabled
Some other technologies worth a look:

https://fakeroot-ng.lingnu.com/index.php/Home_Page <-- pay attention to the difference between PTRACE and LD_PRELOAD; this is one reason why fakeroot is far from a complete solution. Edit: for example, I never could get fakeroot + ccache + nfs to work together.

https://wiki.debian.org/Schroot

It looks to me like Gentoo's sandbox uses LD_PRELOAD? Does sandbox just crap out at the first violation instead of running to completion and listing what was wrongly modified?

It's quite depressing that you're all suddenly getting excited about this when slackrepo has been serving it all on a plate for years now ;(

Last edited by 55020; 05-22-2018 at 09:27 AM.
 
1 members found this post helpful.
Old 05-22-2018, 09:48 AM   #18
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,950

Rep: Reputation: Disabled
Yes, it seems sandbox uses LD_PRELOAD and will error on access violations. However it does seem to allow retroarch to start and work without sound despite some expected access violations. This should help explain its method from the README.

Quote:
The way sandbox works is that you prime a few environment variables (in order
to control the sandbox's behavior) and then stick it into the LD_PRELOAD
variable. Then when the ELF loader runs, it will first load the sandbox
library. Whenever an applications makes a library call that we have wrapped,
we'll check the arguments against the environment settings. Based on that, any
access that is not permitted is logged and we return an error to the
application. Any access that is permitted is of course forwarded along to the
real C library.
My interest in sandbox is simply because a friend who uses gentoo talked it up and I tried it to see if how tied into gentoo it was and if there was anything to it. Additionally it has a wider use than just building packages, for example it could be used with a game to ensure it doesn't edit files you are unaware of.

By all means slackrepo seems better suited as a dedicated Slackware build tool as opposed to sandbox which is much more general and only covers some of the use cases slackrepo advertises. I think its good to have choice.
 
Old 05-22-2018, 10:50 AM   #19
a4z
Senior Member
 
Registered: Feb 2009
Posts: 1,727

Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
it seems that slackrepo and sandbox can not be compared, slackrepo could use sandbox, so to me it seems that these are 2 different tools
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Software installation with parameters (installation time) BeeZone Linux - Software 1 09-12-2017 07:39 PM
seeking comprehensive guides to software sources and software installation guides geniuspenguis Linux - General 6 04-30-2015 06:14 AM
[SOLVED] Software installation problem in ubuntu 10.10 by software center Puneet Jindal Linux - Newbie 1 04-11-2011 06:17 AM
Adding an old software-RAID array to a software-RAID installation.. Boot problems GarethM Linux - Hardware 2 05-05-2008 03:16 PM
Installation Software for Custom Developed Java/Perl Software donkey123 Linux - Software 0 06-15-2005 05:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration