On Sat, Jan 05, 2008 at 03:59:40PM +0100, Heikki Levanto wrote: > On Fri, Jan 04, 2008 at 12:11:01PM -0500, Douglas A. Tutty wrote: > > Under what conditions would you need to boot the 32-bit chroot natively? > > Hopefully none - but until it works perfectly, I need a way to get back > there, so I can use my netbank (firefox, java, etc), and other things. > Well, perhaps to run some performance tests, to show that my go program > really is faster on a real 64-bit system. (well, I have to write that program > first...) > > > I access the chroot with > > $ schroot -pc etch-ia32 > > which means that I have the schroot package installed on the amd64 > > system. > > > Thanks. The basic setup was surprisingly easy. I used the old root partition, > so I did not have to install anything at all! > > I still had to (re?)mount my disks manually, haven't found where to tell > schroot which disks I need mounted, or how to get them all right. > > I run into problems with X display not coming out. xeyes times out after some > seconds with "Could not connect to :0". I fixed that by enabling tcp > listening (in vi /etc/kde3/kdm/kdmrc), and setting DISPLAY="127.0.0.1" > inside the chroot. And a "xhost +" on the amd-64 side. Xeyes works, xine > works! Firefox works - except when I try to go to my netbank (www.nordea.dk). > I get the login screen, but the process dies in a few seconds, often in the > middle of me typing in my password. > > I am using a 'plain' schroot, since I already have the old root system > mounted. Perhaps I should try with a block device type thing?
Here's my /etc/schroot/schroot.conf: 8>-- # schroot chroot definitions. # See schroot.conf(5) for complete documentation of the file format. # # Please take note that you should not add untrusted users to # root-groups, because they will essentially have full root access # to your system. They will only have root access inside the chroot, # but that's enough to cause malicious damage. # # # # [etch-ia32] type=directory description=Debian Etch ia32 groups=ssh run-setup-scripts=true run-exec-scripts=true personality=linux32 location=/srv/chroot/etch-ia32 [snip commented out example lines] 8>-- Since /srv is its own LVM, it is its own block device, but it is always mouted in the base amd64 system's fstab. Therefore, this is a directory type, which give auto-mounting and set up of networking, directories, passwords, whatever. The groups=ssh I put in. On my box, as a bit of security, I only allow members of the ssh group to run ssh. Those same users are the ones I would allow to run apps in the chroot. There's a general rule that, for security, you should never trust anyone in a chroot that you wouldn't trust with root access on the main box. This is probably overkill with schroot but I didn't want just any random UID to run apps either. I found that schroot ends up leaving schroot sessions active and then restoring them on reboot. Since I didn't want or need persistant sessions and I shutdown every night, I removed the symlinks from /etc/rc*.d to /etc/init.d/schroot. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
