Re: [lfs-support] Problems with su when building LFS

2018-02-11 Thread Bruce Dubbs

Tim Tassonis wrote:

> I have found a workaround for my problem:
>
> If I replace
>
> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
>
> with
>
> mount -v --bind /dev/pts $LFS/dev/pts
>
> I get the needed /dev/pts/0 and sudo and su with password asking now
> works. As it seems that this is really only a chroot issue and su and sudo
> now work fine, I'll continue with that. I'm not yet sure of the exact
> security implications, but as this is a dedicated vm only for building the
> system, it should be ok.


What I recommend is just get ssh working and then work from your host. 
With ssl now in LFS, ssh does not need any dependencies.  I generally have 
a problem pasting between a host and VM anyway, so ssh cures that problem.


Are you using qemu?

  -- Bruce
--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style


Re: [lfs-support] Problems with su when building LFS

2018-02-11 Thread Tim Tassonis



On 02/11/2018 10:07 PM, Tim Tassonis wrote:



On 02/11/2018 09:17 PM, Bruce Dubbs wrote:

Tim Tassonis wrote:

Hi all

I am currently building LFS (svn) and seem to get a problem doing su in 
the chroot environment. I am past shadow now and have set up a user 
to work with. The user however should be able to su to root. I have 
done the same on lfs 7.9 and lfs 8.0 without problems.


I think I follow the book when entering the chroot:

LFS=/lfs export LFS
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys
mount -vt tmpfs tmpfs $LFS/run

if [ -h $LFS/dev/shm ]; then
   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
fi
chroot "$LFS" /tools/bin/env -i \
 HOME=/root  \
 TERM="$TERM"    \
 PS1='\u:\w\$ '  \
 PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
    /tools/bin/bash --login +h


In chroot, /dev/pts looks like this:

root@lfsd82:/# ls -ld /dev/pts
drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
root@lfsd82:/# ls -ld /dev/pts/*
c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx


I can then call "login", enter the user's userid and password and get 
a shell. I can also do a "su - timtas", which also works.


If I then call "su -" under the user, I always get:

su: must be run from a terminal


The contents of /dev/pts in the chroot always stay:


timtas@lfsd82:~$ ls -l /dev/pts/
total 0
c- 1 root root 5, 2 Feb 11 19:38 ptmx


What am I missing?


Well I'm attaching what I use.  Of course you have to make sure the 
non-root user is created in chroot and has a home directory.


Run mount-virt.sh, then enter chroot.  You should be able to su from 
there after a 'useradd -m userid'.



Thanks for that. Just another quick question: what are your contents in
/dev/pts after you entered chroot?

I have read some stuff now and someone pointed to a glibc issue when 
failing to dereference /proc/self/fd/0. In my chroot, /proc/self/fd/0 
points to:


root@lfsd82:/# ls -l /proc/self/fd/0
lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0

which doesn't exist in my chroot. This then seems to trigger the errors, 
as the glibc function ttyname() fails in that case.


Somehow, the chroot call seems not to inherit the tty from outside and 
therefore no valid tty exists in the chroot.





I have found a workaround for my problem:

If I replace

mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620

with

mount -v --bind /dev/pts $LFS/dev/pts


, I get the needed /dev/pts/0 and sudo and su with password asking now 
works. As it seems that this is really only a chroot issue and su and 
sudo now work fine, I'll continue with that. I'm not yet sure of the 
exact security implications, but as this is a dedicated vm only for 
building the system, it should be ok.
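
The lookup described in the message above (the path behind /proc/self/fd/0 has to exist inside the chroot for ttyname() to succeed), as an added diagnostic that is not part of the original thread. It is a simplified approximation of the glibc check; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Approximates the lookup ttyname() does:
# take the path /proc/self/fd/N points to, then confirm that path is a character
# device with the same device number as the open descriptor.

# tty_resolves TARGET RDEV [ROOT]
#   TARGET  link target of /proc/self/fd/N, e.g. /dev/pts/0
#   RDEV    device number of the open descriptor, hex "major:minor" (stat %t:%T)
#   ROOT    optional prefix, to test a chroot tree from the host (e.g. /lfs)
# Returns 0 ok, 1 node missing, 2 not a character device, 3 wrong device.
tty_resolves() {
    node="${3:-}$1"
    if [ ! -e "$node" ]; then
        echo "missing: $node"; return 1
    fi
    if [ ! -c "$node" ]; then
        echo "not a character device: $node"; return 2
    fi
    have=$(stat -c '%t:%T' "$node")
    if [ "$have" != "$2" ]; then
        echo "wrong device: $node is $have, descriptor is $2"; return 3
    fi
    echo "ok: $node"
}

# check_stdin [ROOT]: run the check for this shell's own standard input.
check_stdin() {
    target=$(readlink /proc/self/fd/0) || return 4
    rdev=$(stat -L -c '%t:%T' /proc/self/fd/0) || return 4
    tty_resolves "$target" "$rdev" "${1:-}"
}

# Run "sh thisfile --check" inside the chroot. In the situation reported in the
# thread (fd 0 -> /dev/pts/0, node absent) this prints "missing: /dev/pts/0".
if [ "${1:-}" = "--check" ]; then
    check_stdin
fi
```

From the host, `check_stdin /lfs` runs the same test against the chroot tree before entering it. With the bind mount the chroot sees the host's own /dev/pts entries, which is why the node then resolves.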



Re: [lfs-support] Problems with su when building LFS

2018-02-11 Thread Bruce Dubbs

Tim Tassonis wrote:



On 02/11/2018 09:17 PM, Bruce Dubbs wrote:

Tim Tassonis wrote:

Hi all

I am currently building LFS (svn) and seem to get a problem doing su in 
the chroot environment. I am past shadow now and have set up a user to 
work with. The user however should be able to su to root. I have done 
the same on lfs 7.9 and lfs 8.0 without problems.


I think I follow the book when entering the chroot:

LFS=/lfs export LFS
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys
mount -vt tmpfs tmpfs $LFS/run

if [ -h $LFS/dev/shm ]; then
   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
fi
chroot "$LFS" /tools/bin/env -i \
 HOME=/root  \
 TERM="$TERM"    \
 PS1='\u:\w\$ '  \
 PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
    /tools/bin/bash --login +h


In chroot, /dev/pts looks like this:

root@lfsd82:/# ls -ld /dev/pts
drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
root@lfsd82:/# ls -ld /dev/pts/*
c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx


I can then call "login", enter the user's userid and password and get a 
shell. I can also do a "su - timtas", which also works.


If I then call "su -" under the user, I always get:

su: must be run from a terminal


The contents of /dev/pts in the chroot always stay:


timtas@lfsd82:~$ ls -l /dev/pts/
total 0
c- 1 root root 5, 2 Feb 11 19:38 ptmx


What am I missing?


Well I'm attaching what I use.  Of course you have to make sure the 
non-root user is created in chroot and has a home directory.


Run mount-virt.sh, then enter chroot.  You should be able to su from 
there after a 'useradd -m userid'.



Thanks for that. Just another quick question: what are your contents in
/dev/pts after you entered chroot?


Just

c- 1 root root 5, 2 Feb 11 14:11 ptmx

I have read some stuff now and someone pointed to a glibc issue when 
failing to dereference /proc/self/fd/0. In my chroot, /proc/self/fd/0 
points to:


root@lfsd82:/# ls -l /proc/self/fd/0
lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0


As a normal user and as root in chroot, I have the same.  What changes in 
/proc/self/fd is the owner and group and the pointer 3 -> /proc/10750/fd 
which gave different PIDs.


which doesn't exist in my chroot. This then seems to trigger the errors, 
as the glibc function ttyname() fails in that case.


Somehow, the chroot call seems not to inherit the tty from outside and 
therefore no valid tty exists in the chroot.


I do not know why it works for me and not you.

  -- Bruce


Re: [lfs-support] Problems with su when building LFS

2018-02-11 Thread Bruce Dubbs

Tim Tassonis wrote:

Hi all

I am currently building LFS (svn) and seem to get a problem doing su in the 
chroot environment. I am past shadow now and have set up a user to work 
with. The user however should be able to su to root. I have done the same 
on lfs 7.9 and lfs 8.0 without problems.


I think I follow the book when entering the chroot:

LFS=/lfs export LFS
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys
mount -vt tmpfs tmpfs $LFS/run

if [ -h $LFS/dev/shm ]; then
   mkdir -pv $LFS/$(readlink $LFS/dev/shm)
fi
chroot "$LFS" /tools/bin/env -i \
     HOME=/root  \
     TERM="$TERM"    \
     PS1='\u:\w\$ '  \
     PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
    /tools/bin/bash --login +h


In chroot, /dev/pts looks like this:

root@lfsd82:/# ls -ld /dev/pts
drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
root@lfsd82:/# ls -ld /dev/pts/*
c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx


I can then call "login", enter the user's userid and password and get a 
shell. I can also do a "su - timtas", which also works.


If I then call "su -" under the user, I always get:

su: must be run from a terminal


The contents of /dev/pts in the chroot always stay:


timtas@lfsd82:~$ ls -l /dev/pts/
total 0
c- 1 root root 5, 2 Feb 11 19:38 ptmx


What am I missing?


Well I'm attaching what I use.  Of course you have to make sure the 
non-root user is created in chroot and has a home directory.


Run mount-virt.sh, then enter chroot.  You should be able to su from there 
after a 'useradd -m userid'.


  -- Bruce



mount-virt.sh
Description: application/shellscript


umount-virt.sh
Description: application/shellscript


[lfs-support] Problems with su when building LFS

2018-02-11 Thread Tim Tassonis

Hi all

I am currently building LFS (svn) and seem to get a problem doing su in the 
chroot environment. I am past shadow now and have set up a user to work 
with. The user however should be able to su to root. I have done the 
same on lfs 7.9 and lfs 8.0 without problems.


I think I follow the book when entering the chroot:

LFS=/lfs export LFS
mount -v --bind /dev $LFS/dev
mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620
mount -vt proc proc $LFS/proc
mount -vt sysfs sysfs $LFS/sys
mount -vt tmpfs tmpfs $LFS/run

if [ -h $LFS/dev/shm ]; then
  mkdir -pv $LFS/$(readlink $LFS/dev/shm)
fi
chroot "$LFS" /tools/bin/env -i \
    HOME=/root \
    TERM="$TERM" \
    PS1='\u:\w\$ ' \
    PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
    /tools/bin/bash --login +h


In chroot, /dev/pts looks like this:

root@lfsd82:/# ls -ld /dev/pts
drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts
root@lfsd82:/# ls -ld /dev/pts/*
c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx


I can then call "login", enter the user's userid and password and get a 
shell. I can also do a "su - timtas", which also works.


If I then call "su -" under the user, I always get:

su: must be run from a terminal


The contents of /dev/pts in the chroot always stay:


timtas@lfsd82:~$ ls -l /dev/pts/
total 0
c- 1 root root 5, 2 Feb 11 19:38 ptmx


What am I missing?

Bye
Tim



Re: [lfs-support] Page Table Isolation on AMD Processors

2018-02-11 Thread Mark Pokorny
On 11 February 2018 at 19:30, Ken Moffat wrote:
> On Sun, Feb 11, 2018 at 07:10:41PM +, Mark Pokorny wrote:
>> Hi all,
>>
>> I’ve been away for a while, but am back now starting a new SVN build
>> of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has
>> been discussed at length. I’ve been reading through the archives with
>> interest, but unfortunately little understanding.
>>
>> I am currently going through the motions of setting the configuration
>> options for the Linux kernel (4.15.2) and have come across the option
>> for Page Table Isolation. I have an AMD FX8350 processor, and from
>> reading the discussions on this mailing list, I understand that AMD
>> processors are _not_ vulnerable to the Meltdown issue that PTI is
>> supposed to address. So, my question is:
>>
>> tl;dr:
>> Should I compile Page Table Isolation into my kernel even though I
>> have (a pre-Ryzen) AMD processor? It seems some people were having
>> issues when PTI was compiled in, and others state the PTI is not
>> activated at runtime anyway. Any thoughts?
>>
>> Tschüß!
>>
>> Mark.
>
> Enable it ;)
>
> The statement that it will not be activated at runtime if you are on
> an AMD CPU is correct.  OTOH, if you will never use that .config to
> build on a different machine then I suppose it doesn't matter.
>
> ĸen

Cheers! Thanks Ken! Will do! ;)

Mark.
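
The distinction discussed in the exchange above (PTI compiled into the kernel versus PTI active at runtime), as an added example that is not part of the original thread. It assumes a 4.15-era kernel, which uses the option name CONFIG_PAGE_TABLE_ISOLATION and reports `cpu_meltdown` on the `bugs` line and `pti` on the `flags` line of /proc/cpuinfo; the function names and the /boot/config-* default path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Separates "PTI was compiled in" from
# "PTI is active on this CPU", using the kernel .config and /proc/cpuinfo.

# pti_config FILE: prints built-in, disabled or absent
pti_config() {
    if grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$1"; then
        echo built-in
    elif grep -q '^# CONFIG_PAGE_TABLE_ISOLATION is not set' "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# has_word CPUINFO FIELD WORD: true if the first FIELD line lists WORD
has_word() {
    grep "^$2" "$1" | head -n 1 | grep -qw "$3"
}

# pti_report CONFIG CPUINFO: one-line summary of build-time and runtime state
pti_report() {
    cpu=not-affected; pti=inactive
    if has_word "$2" bugs cpu_meltdown; then cpu=affected; fi
    if has_word "$2" flags pti; then pti=active; fi
    echo "config=$(pti_config "$1") cpu=$cpu pti=$pti"
}

# "sh thisfile --report [CONFIG]" checks the running system; the default
# config path is an assumption about where the .config was copied.
if [ "${1:-}" = "--report" ]; then
    pti_report "${2:-/boot/config-$(uname -r)}" /proc/cpuinfo
fi
```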


[lfs-support] Page Table Isolation on AMD Processors

2018-02-11 Thread Mark Pokorny
Hi all,

I’ve been away for a while, but am back now starting a new SVN build
of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has
been discussed at length. I’ve been reading through the archives with
interest, but unfortunately little understanding.

I am currently going through the motions of setting the configuration
options for the Linux kernel (4.15.2) and have come across the option
for Page Table Isolation. I have an AMD FX8350 processor, and from
reading the discussions on this mailing list, I understand that AMD
processors are _not_ vulnerable to the Meltdown issue that PTI is
supposed to address. So, my question is:

tl;dr:
Should I compile Page Table Isolation into my kernel even though I
have (a pre-Ryzen) AMD processor? It seems some people were having
issues when PTI was compiled in, and others state the PTI is not
activated at runtime anyway. Any thoughts?

Tschüß!

Mark.