FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 05-29-2008, 07:00 AM
"Todd A. Jacobs"
 
Default Firefox in 32-bit chroot

I'm attempting to run firefox in a 32-bit chroot using schroot with
run-setup-scripts=false because I don't want to mess with my real home
directory. Firefox is installed, as is x11-common. However:

$ schroot -c firefox firefox
I: [firefox chroot] Running command: "firefox"

(firefox-bin:16741): Gtk-WARNING **: cannot open display:

Even when I run "xhost +localhost" and schroot in and manually set
DISPLAY=:0, I get the same results. What else am I missing here?

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-30-2008, 08:36 AM
michael
 
Default Firefox in 32-bit chroot

On 29 May 2008, at 08:00, Todd A. Jacobs wrote:


I'm attempting to run firefox in a 32-bit chroot using schroot with
run-setup-scripts=false because I don't want to mess with my real home
directory. Firefox is installed, as is x11-common. However:

$ schroot -c firefox firefox
I: [firefox chroot] Running command: "firefox"

(firefox-bin:16741): Gtk-WARNING **: cannot open display:

Even when I run "xhost +localhost" and schroot in and manually set
DISPLAY=:0, I get the same results. What else am I missing here?


I'm intrigued as to the quickest way to build the smallest 32 bit
chroot (schroot?) on my AMD64 box, for just this purpose (running a
"full" browser with alll the plugins...) Any advice welcome! M



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-31-2008, 01:53 AM
"Douglas A. Tutty"
 
Default Firefox in 32-bit chroot

On Fri, May 30, 2008 at 09:36:40AM +0100, michael wrote:
>
> On 29 May 2008, at 08:00, Todd A. Jacobs wrote:
>
> >I'm attempting to run firefox in a 32-bit chroot using schroot with
> >run-setup-scripts=false because I don't want to mess with my real home
> >directory. Firefox is installed, as is x11-common. However:
> >
> > $ schroot -c firefox firefox
> > I: [firefox chroot] Running command: "firefox"
> >
> > (firefox-bin:16741): Gtk-WARNING **: cannot open display:
> >
> >Even when I run "xhost +localhost" and schroot in and manually set
> >DISPLAY=:0, I get the same results. What else am I missing here?
>
> I'm intrigued as to the quickest way to build the smallest 32 bit
> chroot (schroot?) on my AMD64 box, for just this purpose (running a
> "full" browser with alll the plugins...) Any advice welcome! M
>

Re the home dirctory thing: I don't know why its not working but I'm
assuming something about .Xauthority. What is your concern.

Personally, I built my chroot with debootstrap. I couldn't find an
up-to-date howto but I pick and chose from the amd64 howto on the
website to get the base chroot installed, installed schroot and read its
man page, set it up, then used schroot -pc etch-ia32 aptitude to set up
the chroot appropriatly.

The chroot is installed in /srv/schroot/etch-ia32 (/srv is on its own
LV) and here is my schroot config file:


# schroot chroot definitions.
# See schroot.conf(5) for complete documentation of the file format.
#
# Please take note that you should not add untrusted users to
# root-groups, because they will essentially have full root access
# to your system. They will only have root access inside the chroot,
# but that's enough to cause malicious damage.
#
#
#
#
[etch-ia32]
type=directory
description=Debian Etch ia32
groups=games
run-setup-scripts=true
run-exec-scripts=true
personality=linux32
location=/srv/chroot/etch-ia32

# The following lines are examples only. Uncomment and alter them to
# customise schroot for your needs, or create a new entry from scratch.

[snip the remaining commented-out examples]

As you can see, I limit access to users in the games group.

For further security (enforced only by user dicipline), I only use
javascript in the schroot and I have a separate user for using
javascript and flash-enabled browsers in the chroot. My normal user
(which is also in adm and staff) cannot run the chroot since its not in
games. Root is in games since it needs to run schroot to run aptitude
but root never runs a web browser.


I hope this helps.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-02-2008, 04:53 PM
"Douglas A. Tutty"
 
Default Firefox in 32-bit chroot

On Sat, May 31, 2008 at 08:29:53PM -0700, Todd A. Jacobs wrote:
> On Fri, May 30, 2008 at 09:53:30PM -0400, Douglas A. Tutty wrote:
>
> > [etch-ia32]
> > type=directory
> > description=Debian Etch ia32
> > groups=games
> > run-setup-scripts=true
> > run-exec-scripts=true
> > personality=linux32
> > location=/srv/chroot/etch-ia32
>
> The problem here (for me) is that you're running the bind scripts, and I
> don't *want* to share home directories with the chroot. I'm sure that's
> part of the problem in my case, but I'm just not sure how to fix it.

There's probably a very elegant way, but the simplest way is to create a
new user, put that new user in a group that is set to allow use of
schroot (in mine, games, but you could create something like
"chrooters"). Sure their home directory will be bind mounted but if you
have permissions set right that user (or any malware running as that
user) won't be able to access other user's home directory.

You'll need most of the bind scripts so that /dev and /proc get mounted
(and others, read the scripts).

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-03-2008, 12:24 AM
"Jordi Gutiérrez Hermoso"
 
Default Firefox in 32-bit chroot

On 29/05/2008, Todd A. Jacobs <nospam@codegnome.org> wrote:
> I'm attempting to run firefox in a 32-bit chroot

Why? Do you really need to do this? Or is this just one of those
things you want to do for the geek points?

- Jordi G. H.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-03-2008, 12:45 AM
"Douglas A. Tutty"
 
Default Firefox in 32-bit chroot

On Mon, Jun 02, 2008 at 07:24:05PM -0500, Jordi Guti?rrez Hermoso wrote:
> On 29/05/2008, Todd A. Jacobs <nospam@codegnome.org> wrote:
> > I'm attempting to run firefox in a 32-bit chroot
>
> Why? Do you really need to do this? Or is this just one of those
> things you want to do for the geek points?

If he's running Etch amd64, what other alternative is there? Last I
looked, the wrapper package (whatever the name is) can't be back-ported
from Lenny.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-03-2008, 12:29 PM
"Jordi Gutiérrez Hermoso"
 
Default Firefox in 32-bit chroot

On 02/06/2008, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
> On Mon, Jun 02, 2008 at 07:24:05PM -0500, Jordi Guti?rrez Hermoso wrote:
> > On 29/05/2008, Todd A. Jacobs <nospam@codegnome.org> wrote:
> > > I'm attempting to run firefox in a 32-bit chroot
> >
> > Why? Do you really need to do this? Or is this just one of those
> > things you want to do for the geek points?
>
> If he's running Etch amd64, what other alternative is there? Last I
> looked, the wrapper package (whatever the name is) can't be back-ported
> from Lenny.

I beg your pardon?

http://packages.debian.org/etch-backports/nspluginwrapper

HTH,
- Jordi G. H.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-06-2008, 05:52 PM
"Todd A. Jacobs"
 
Default Firefox in 32-bit chroot

On Mon, Jun 02, 2008 at 07:24:05PM -0500, Jordi Gutiérrez Hermoso wrote:

> Why? Do you really need to do this? Or is this just one of those
> things you want to do for the geek points?

If you're able to get Sun's Java plugin working natively on amd64,
please feel free to tell the rest of us how you managed it.

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-06-2008, 05:55 PM
"Todd A. Jacobs"
 
Default Firefox in 32-bit chroot

On Mon, Jun 02, 2008 at 12:53:30PM -0400, Douglas A. Tutty wrote:

> There's probably a very elegant way, but the simplest way is to create
> a new user, put that new user in a group that is set to allow use of
> schroot (in mine, games, but you could create something like
> "chrooters"). Sure their home directory will be bind mounted but if
> you have permissions set right that user (or any malware running as
> that user) won't be able to access other user's home directory.

Thank you. If I can't find a better way, I'll use your suggestion.

In the meantime, I don't like doing things just because they work. I
really want to understand what's missing from the current invocation or
environment so that I understand what's going wrong. Knowing why is
almost as important as knowing how to work around it.

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-06-2008, 07:54 PM
"Jordi Gutiérrez Hermoso"
 
Default Firefox in 32-bit chroot

On 06/06/2008, Todd A. Jacobs <nospam@codegnome.org> wrote:

> If you're able to get Sun's Java plugin working natively on amd64,
> please feel free to tell the rest of us how you managed it.

Oh.

Thankfully, I have little use for the Java plugin myself. Looking
forward to the free plugin, though. I guess none of the free Java
plugins do what you want?

- Jordi G. H.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 08:49 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org