Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote:
> I have found a workaround for my problem:
>
> If I replace
>
> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
>
> with
>
> mount -v --bind /dev/pts $LFS/dev/pts
>
> I get the needed /dev/pts/0 and sudo and su with password asking now works.
>
> As it seems that this is really only a chroot issue and su and sudo now
> work fine, I'll continue with that. I'm not yet sure of the exact security
> implications, but as this is a dedicated vm only for building the system,
> it should be ok.

What I recommend is just get ssh working and then work from your host. With ssl now in LFS, ssh does not need any dependencies. I generally have a problem pasting between a host and VM anyway, so ssh cures that problem.

Are you using qemu?

  -- Bruce
--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
On 02/11/2018 10:07 PM, Tim Tassonis wrote:
> On 02/11/2018 09:17 PM, Bruce Dubbs wrote:
>> Tim Tassonis wrote:
>>> Hi all
>>>
>>> I am currently building LFS (svn) and seem to get a problem doing su in
>>> the chroot environment. I am past shadow now and have set-up a user to
>>> work with. The user however should be able to su to root. I have done
>>> the same on lfs 7.9 and lfs 8.0 without problems.
>>>
>>> I think, I follow the book when entering the chroot:
>>>
>>> LFS=/lfs
>>> export LFS
>>> mount -v --bind /dev $LFS/dev
>>> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
>>> mount -vt proc proc $LFS/proc
>>> mount -vt sysfs sysfs $LFS/sys
>>> mount -vt tmpfs tmpfs $LFS/run
>>> if [ -h $LFS/dev/shm ]; then
>>>   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
>>> fi
>>> chroot "$LFS" /tools/bin/env -i \
>>>     HOME=/root \
>>>     TERM="$TERM" \
>>>     PS1='\u:\w\$ ' \
>>>     PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
>>>     /tools/bin/bash --login +h
>>>
>>> In chroot, /dev/pts looks like this:
>>>
>>> root@lfsd82:/# ls -ld /dev/pts
>>> drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
>>> root@lfsd82:/# ls -ld /dev/pts/*
>>> c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx
>>>
>>> I can then call "login", enter the user's userid and password and get a
>>> shell. I can also do a "su - timtas", which also works.
>>>
>>> If I then call "su -" under the user, I always get:
>>>
>>> su: must be run from a terminal
>>>
>>> The contents of /dev/pts in the chroot always stay:
>>>
>>> timtas@lfsd82:~$ ls -l /dev/pts/
>>> total 0
>>> c- 1 root root 5, 2 Feb 11 19:38 ptmx
>>>
>>> What am I missing?
>>
>> Well I'm attaching what I use. Of course you have to make sure the
>> non-root user is created in chroot and has a home directory.
>>
>> Run mount-virt.sh, then enter chroot. You should be able to su from
>> there after a 'useradd -m userid'.
>
> Thanks for that. Just another quick question: what are your contents in
> /dev/pts after you entered chroot?
>
> I have read some stuff now and someone pointed to a glibc issue when
> failing to dereference /proc/self/fd/0.
>
> In my chroot, /proc/self/fd/0 points to:
>
> root@lfsd82:/# ls -l /proc/self/fd/0
> lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0
>
> which doesn't exist in my chroot. This then seems to trigger the errors,
> as the glibc function ttyname() fails in that case. Somehow, the chroot
> call seems not to inherit the tty from outside and therefore no valid tty
> exist in the chroot.

I have found a workaround for my problem:

If I replace

mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620

with

mount -v --bind /dev/pts $LFS/dev/pts

, I get the needed /dev/pts/0 and sudo and su with password asking now works.

As it seems that this is really only a chroot issue and su and sudo now work fine, I'll continue with that. I'm not yet sure of the exact security implications, but as this is a dedicated vm only for building the system, it should be ok.
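An added diagnostic, not part of the thread: the two mounts discussed above differ in whether `$LFS/dev/pts` is the host's devpts instance or an independent one, which decides both whether the inherited `/dev/pts/0` resolves inside the chroot and whether chroot processes can see the host's terminals. The function names and the sample `mountinfo` lines are constructed for illustration; `/lfs` is the `$LFS` value from the post.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Sample mountinfo lines are constructed.

# pts_relation LFS_ROOT [MOUNTINFO_FILE] -> shared | separate | unmounted
# Field 3 of mountinfo is the major:minor of the mounted superblock; a bind
# mount of the host /dev/pts carries the host's value, an independent devpts
# instance does not.
pts_relation() {
    awk -v host="/dev/pts" -v guest="${1%/}/dev/pts" '
        $5 == host  { h = $3 }
        $5 == guest { g = $3 }
        END {
            if (g == "")     print "unmounted"
            else if (g == h) print "shared"
            else             print "separate"
        }' "${2:-/proc/self/mountinfo}"
}

# tty_resolves LFS_ROOT TTY_PATH: succeeds when the path that /proc/self/fd/0
# points to is also a character device under LFS_ROOT, the condition the
# thread identifies as missing when ttyname() fails.
tty_resolves() {
    [ -c "${1%/}$2" ]
}

# Constructed samples: host devpts plus the two variants discussed in the thread.
sample_fresh() {
    cat <<'EOF'
22 27 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
310 27 0:55 / /lfs/dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
EOF
}
sample_bind() {
    cat <<'EOF'
22 27 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
310 27 0:21 / /lfs/dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
EOF
}

tmp=$(mktemp)
sample_fresh > "$tmp"; echo "mount -t devpts: $(pts_relation /lfs "$tmp")"
sample_bind  > "$tmp"; echo "mount --bind:    $(pts_relation /lfs "$tmp")"
rm -f "$tmp"
```

Run `pts_relation "$LFS"` on the host before entering the chroot; `shared` means every host pty under /dev/pts is reachable from inside the chroot, subject to the device permissions.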
Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote:
> On 02/11/2018 09:17 PM, Bruce Dubbs wrote:
>> Tim Tassonis wrote:
>>> Hi all
>>>
>>> I am currently building LFS (svn) and seem to get a problem doing su in
>>> the chroot environment. I am past shadow now and have set-up a user to
>>> work with. The user however should be able to su to root. I have done
>>> the same on lfs 7.9 and lfs 8.0 without problems.
>>>
>>> I think, I follow the book when entering the chroot:
>>>
>>> LFS=/lfs
>>> export LFS
>>> mount -v --bind /dev $LFS/dev
>>> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
>>> mount -vt proc proc $LFS/proc
>>> mount -vt sysfs sysfs $LFS/sys
>>> mount -vt tmpfs tmpfs $LFS/run
>>> if [ -h $LFS/dev/shm ]; then
>>>   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
>>> fi
>>> chroot "$LFS" /tools/bin/env -i \
>>>     HOME=/root \
>>>     TERM="$TERM" \
>>>     PS1='\u:\w\$ ' \
>>>     PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
>>>     /tools/bin/bash --login +h
>>>
>>> In chroot, /dev/pts looks like this:
>>>
>>> root@lfsd82:/# ls -ld /dev/pts
>>> drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
>>> root@lfsd82:/# ls -ld /dev/pts/*
>>> c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx
>>>
>>> I can then call "login", enter the user's userid and password and get a
>>> shell. I can also do a "su - timtas", which also works.
>>>
>>> If I then call "su -" under the user, I always get:
>>>
>>> su: must be run from a terminal
>>>
>>> The contents of /dev/pts in the chroot always stay:
>>>
>>> timtas@lfsd82:~$ ls -l /dev/pts/
>>> total 0
>>> c- 1 root root 5, 2 Feb 11 19:38 ptmx
>>>
>>> What am I missing?
>>
>> Well I'm attaching what I use. Of course you have to make sure the
>> non-root user is created in chroot and has a home directory.
>>
>> Run mount-virt.sh, then enter chroot. You should be able to su from
>> there after a 'useradd -m userid'.
>
> Thanks for that. Just another quick question: what are your contents in
> /dev/pts after you entered chroot?

Just

c- 1 root root 5, 2 Feb 11 14:11 ptmx

> I have read some stuff now and someone pointed to a glibc issue when
> failing to dereference /proc/self/fd/0.
>
> In my chroot, /proc/self/fd/0 points to:
>
> root@lfsd82:/# ls -l /proc/self/fd/0
> lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0

As a normal user and as root in chroot, I have the same. What changes in /proc/self/fd is the owner and group and the pointer

3 -> /proc/10750/fd

which gave different PIDs.

> which doesn't exist in my chroot. This then seems to trigger the errors,
> as the glibc function ttyname() fails in that case. Somehow, the chroot
> call seems not to inherit the tty from outside and therefore no valid tty
> exist in the chroot.

I do not know why it works for me and not you.

  -- Bruce
Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote:
> Hi all
>
> I am currently building LFS (svn) and seem to get a problem doing su in
> the chroot environment. I am past shadow now and have set-up a user to
> work with. The user however should be able to su to root. I have done
> the same on lfs 7.9 and lfs 8.0 without problems.
>
> I think, I follow the book when entering the chroot:
>
> LFS=/lfs
> export LFS
> mount -v --bind /dev $LFS/dev
> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
> mount -vt proc proc $LFS/proc
> mount -vt sysfs sysfs $LFS/sys
> mount -vt tmpfs tmpfs $LFS/run
> if [ -h $LFS/dev/shm ]; then
>   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
> fi
> chroot "$LFS" /tools/bin/env -i \
>     HOME=/root \
>     TERM="$TERM" \
>     PS1='\u:\w\$ ' \
>     PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
>     /tools/bin/bash --login +h
>
> In chroot, /dev/pts looks like this:
>
> root@lfsd82:/# ls -ld /dev/pts
> drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
> root@lfsd82:/# ls -ld /dev/pts/*
> c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx
>
> I can then call "login", enter the user's userid and password and get a
> shell. I can also do a "su - timtas", which also works.
>
> If I then call "su -" under the user, I always get:
>
> su: must be run from a terminal
>
> The contents of /dev/pts in the chroot always stay:
>
> timtas@lfsd82:~$ ls -l /dev/pts/
> total 0
> c- 1 root root 5, 2 Feb 11 19:38 ptmx
>
> What am I missing?

Well I'm attaching what I use. Of course you have to make sure the non-root user is created in chroot and has a home directory.

Run mount-virt.sh, then enter chroot. You should be able to su from there after a 'useradd -m userid'.

  -- Bruce

mount-virt.sh
Description: application/shellscript

umount-virt.sh
Description: application/shellscript
[lfs-support] Problems with su when building LFS
Hi all

I am currently building LFS (svn) and seem to get a problem doing su in the chroot environment. I am past shadow now and have set-up a user to work with. The user however should be able to su to root. I have done the same on lfs 7.9 and lfs 8.0 without problems.

I think, I follow the book when entering the chroot:

LFS=/lfs
export LFS
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys
mount -vt tmpfs tmpfs $LFS/run
if [ -h $LFS/dev/shm ]; then
  mkdir -pv $LFS/$(readlink $LFS/dev/shm)
fi
chroot "$LFS" /tools/bin/env -i \
    HOME=/root \
    TERM="$TERM" \
    PS1='\u:\w\$ ' \
    PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
    /tools/bin/bash --login +h

In chroot, /dev/pts looks like this:

root@lfsd82:/# ls -ld /dev/pts
drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
root@lfsd82:/# ls -ld /dev/pts/*
c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx

I can then call "login", enter the user's userid and password and get a shell. I can also do a "su - timtas", which also works.

If I then call "su -" under the user, I always get:

su: must be run from a terminal

The contents of /dev/pts in the chroot always stay:

timtas@lfsd82:~$ ls -l /dev/pts/
total 0
c- 1 root root 5, 2 Feb 11 19:38 ptmx

What am I missing?

Bye
Tim
Re: [lfs-support] Page Table Isolation on AMD Processors
On 11 February 2018 at 19:30, Ken Moffat wrote:
> On Sun, Feb 11, 2018 at 07:10:41PM +, Mark Pokorny wrote:
>> Hi all,
>>
>> I’ve been away for a while, but am back now starting a new SVN build
>> of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has
>> been discussed at length. I’ve been reading through the archives with
>> interest, but unfortunately little understanding.
>>
>> I am currently going through the motions of setting the configuration
>> options for the Linux kernel (4.15.2) and have come across the option
>> for Page Table Isolation. I have an AMD FX8350 processor, and from
>> reading the discussions on this mailing list, I understand that AMD
>> processors are _not_ vulnerable to the Meltdown issue that PTI is
>> supposed to address. So, my question is:
>>
>> tl;dr:
>> Should I compile Page Table Isolation into my kernel even though I
>> have (a pre-Ryzen) AMD processor? It seems some people were having
>> issues when PTI was compiled in, and others state the PTI is not
>> activated at runtime anyway. Any thoughts?
>>
>> Tschüß!
>>
>> Mark.
>
> Enable it ;)
>
> The statement that it will not be activated at runtime if you are on
> an AMD CPU is correct. OTOH, if you will never use that .config to
> build on a different machine then I suppose it doesn't matter.
>
> ĸen

Cheers! Thanks Ken! Will do! ;)

Mark.
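An added check, not part of the thread, for the distinction Ken draws between PTI being compiled in and PTI being active at runtime. It reads the kernel `.config`, the `meltdown` entry under `/sys/devices/system/cpu/vulnerabilities/`, and the kernel command line; the function name, output format and sample file contents are constructed.

```shell
#!/bin/sh
# Added check, not from the thread. Sample file contents are constructed.

# pti_status CONFIG_FILE MELTDOWN_SYSFS_FILE CMDLINE_FILE
# Prints: cpu=<affected|not-affected|unknown> built=<yes|no>
#         pti=<on|off|unknown> cause=<none|compiled-out|boot-param|unknown>
pti_status() {
    built=no
    if grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$1" 2>/dev/null; then built=yes; fi
    case "$(cat "$2" 2>/dev/null)" in
        "Not affected")    cpu=not-affected; pti=off ;;
        "Mitigation: PTI") cpu=affected;     pti=on ;;
        Vulnerable*)       cpu=affected;     pti=off ;;
        *)                 cpu=unknown;      pti=unknown ;;
    esac
    cause=none   # only set when an affected CPU runs without PTI
    if [ "$cpu" = affected ] && [ "$pti" = off ]; then
        if [ "$built" = no ]; then
            cause=compiled-out
        elif grep -Eq '(^| )(nopti|pti=off)( |$)' "$3" 2>/dev/null; then
            cause=boot-param
        else
            cause=unknown
        fi
    fi
    echo "cpu=$cpu built=$built pti=$pti cause=$cause"
}

# Constructed sample: PTI compiled in, CPU reported as not affected
# (the AMD case from the thread).
demo_dir=$(mktemp -d)
echo 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$demo_dir/config"
echo 'Not affected'                  > "$demo_dir/meltdown"
echo 'root=/dev/sda2 ro'             > "$demo_dir/cmdline"
pti_status "$demo_dir/config" "$demo_dir/meltdown" "$demo_dir/cmdline"
rm -rf "$demo_dir"

# On a live system (the config path is an assumption; it varies by install):
# pti_status "/boot/config-$(uname -r)" \
#     /sys/devices/system/cpu/vulnerabilities/meltdown /proc/cmdline
```

A result of `cpu=affected pti=off` is the case to act on when the same `.config` is reused on another machine; `cause` says whether the option was compiled out or disabled at boot.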
[lfs-support] Page Table Isolation on AMD Processors
Hi all,

I’ve been away for a while, but am back now starting a new SVN build of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has been discussed at length. I’ve been reading through the archives with interest, but unfortunately little understanding.

I am currently going through the motions of setting the configuration options for the Linux kernel (4.15.2) and have come across the option for Page Table Isolation. I have an AMD FX8350 processor, and from reading the discussions on this mailing list, I understand that AMD processors are _not_ vulnerable to the Meltdown issue that PTI is supposed to address. So, my question is:

tl;dr:
Should I compile Page Table Isolation into my kernel even though I have (a pre-Ryzen) AMD processor? It seems some people were having issues when PTI was compiled in, and others state the PTI is not activated at runtime anyway. Any thoughts?

Tschüß!

Mark.