From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Thu, 27 Mar 2008 18:24:40 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
Message-ID: <20080327152440.GB9535@wo.int.altlinux.org>
Mail-Followup-To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
References: <47EA65A8.7070905@altlinux.org>
	<20080326151008.GA12004@wo.int.altlinux.org>
	<47EA6AE7.8050503@altlinux.org>
	<20080326155235.GB12004@wo.int.altlinux.org>
	<47EBB051.9020001@altlinux.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="V0207lvV8h4k8FAm"
Content-Disposition: inline
In-Reply-To: <47EBB051.9020001@altlinux.org>
X-fingerprint: FE4C 93AB E19A 2E4C CB5D  3E4E 7CAB E6AC 9E35 361E
Subject: Re: [sisyphus] hasher mount
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussions <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2008 15:24:41 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/20080327152440.GB9535@wo.int.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>


--V0207lvV8h4k8FAm
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 27, 2008 at 05:33:53PM +0300, Vitaly Ostanin wrote:
> Dmitry V. Levin =D0=C9=DB=C5=D4:
> > On Wed, Mar 26, 2008 at 06:25:27PM +0300, Vitaly Ostanin wrote:
> >> Dmitry V. Levin =D0=C9=DB=C5=D4:
> >>> On Wed, Mar 26, 2008 at 06:03:04PM +0300, Vitaly Ostanin wrote:
> >>>> =FA=C4=D2=C1=D7=D3=D4=D7=D5=CA=D4=C5.
> >>>>
> >>>> =F3=CB=C1=D6=C9=D4=C5, =D7 hasher =C5=D3=D4=D8 =D7=CF=DA=CD=CF=D6=CE=
=CF=D3=D4=D8 =D2=C1=DA=D2=C5=DB=C9=D4=D8 mknod =D7 chroot ? =F4=CF,
> >>>> =DE=D4=CF =C4=C5=CC=C1=C5=D4 hsh-fakedev, =C4=CC=D1 =C9=D3=D0=CF=CC=
=D8=DA=CF=D7=C1=CE=C9=D1 =C4=D2=C1=CA=D7=C5=D2=CF=D7 nvidia =CE=C5 =C7=CF=
=C4=C9=D4=D3=D1.
> >>> =F7 hasher-priv =C5=D3=D4=D8 mount, =D7 =D3=CF=DE=C5=D4=C1=CE=C9=C9 =
=D3 /etc/hasher-priv/fstab =DC=D4=CF=C7=CF
> >>> =C4=CF=CC=D6=CE=CF =C2=D9=D4=D8 =C4=CF=D3=D4=C1=D4=CF=DE=CE=CF.
> >> =EB=C1=CB =D4=D1=D6=C5=CC=CF =D6=C1=CC=CB=CF=CD=D5 =DE=C5=CC=CF=D7=C5=
=DE=CB=D5 =CF=C2=DD=C1=D4=D8=D3=D1 =D3 =D7=D9=D3=DB=C9=CD =D2=C1=DA=D5=CD=
=CF=CD... =E9=CD=C5=C5=D4=D3=D1 =D7
> >> =D7=C9=C4=D5 =CD=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 /dev ? =E7=C4=C5 =CD=
=CF=D6=CE=CF =D0=CF=D3=CD=CF=D4=D2=C5=D4=D8 =D0=D2=C9=CD=C5=D2=D9
> >> /etc/hasher-priv/fstab =C4=CC=D1 =CE=C5 =D7=C9=D2=D4=D5=C1=CC=D8=CE=D9=
=C8 fs ?
> >=20
> > =F2=C1=DA=D5=CD=C5=C5=D4=D3=D1, =D7 /etc/fstab
> >=20
> > =F7=CF=D4 =D7=C1=CD =CE=C5=D3=CB=CF=CC=D8=CB=CF =C9=D3=CB=D5=D3=D3=D4=
=D7=C5=CE=CE=D9=CA, =CF=C4=CE=C1=CB=CF =D7=D0=CF=CC=CE=C5 =D2=C1=C2=CF=DE=
=C9=CA =D0=D2=C9=CD=C5=D2:
> > $ grep ^/ /etc/hasher-priv/fstab
> > /dev /dev/my bind bind
> > $ /usr/libexec/hasher-priv/hasher-priv getconf |xargs -r grep ^allowed_=
mountpoints=3D
> > allowed_mountpoints=3D/proc,/dev/pts,/dev/my
> > $ hsh --ini
> > $ chgrp -- `/usr/libexec/hasher-priv/hasher-priv getugid1 |cut -d: -f2`=
 ~/hasher/chroot/dev/my
> > $ hsh-shell --mount=3D/dev/my
>=20
> =ED=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =C6=C1=CA=CC=CF=D7 =D7 hasher =CE=C5=
 =DA=C1=D2=C1=C2=CF=D4=C1=CC=CF. =F7 /etc/hasher-priv/fstab
> /dev/nvidia0    /dev/nvidia0            bind    bind          0 0
>=20
> =F7 /etc/hasher-priv/user.d/vyt
> allowed_mountpoints=3D/proc,/dev/nvidia0
>=20
> $ touch ~/wine/chroot/dev/nvidia0
> $ hsh-shell ~/wine --mount=3D/dev/nvidia0
> hasher-priv: nvidia0: Not a directory
>=20
> =ED=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =CB=C1=D4=C1=CC=CF=C7=CF=D7 =D7 hash=
er =D2=C1=C2=CF=D4=C1=C5=D4. =F7 'mount --bind' =D2=C1=C2=CF=D4=C1=C5=D4
> =CD=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =C9 =C6=C1=CA=CC=CF=D7, =C9 =CB=C1=
=D4=C1=CC=CF=C7=CF=D7.
>=20
> =ED=CF=D6=CE=CF =CE=C1=D5=DE=C9=D4=D8 hasher =CD=CF=CE=D4=C9=D2=CF=D7=C1=
=D4=D8 =C9 =C6=C1=CA=CC=D9 =D4=CF=D6=C5? =EF=D4=C4=C1=D7=C1=D4=D8 =D7=C5=D3=
=D8 /dev =D7
> chroot =CB=C1=CB-=D4=CF =D3=D4=D2=C1=DB=CE=CF=D7=C1=D4=CF.

=ED=CF=CE=D4=C9=D2=CF=D7=C1=D4=D8 =C6=C1=CA=CC=D9 =CD=C5=CE=C5=C5 =C2=C5=DA=
=CF=D0=C1=D3=CE=CF, =DE=C5=CD =CB=C1=D4=C1=CC=CF=C7=C9.  =F1 =D0=CF=C4=D5=
=CD=C1=C0, =DE=D4=CF =D4=D5=D4 =CD=CF=D6=CE=CF
=D3=C4=C5=CC=C1=D4=D8.  =E8=CF=D2=CF=DB=CF =C2=D9 =D0=CF=D7=C5=D3=C9=D4=D8 =
FR =CE=C1 =D0=C1=CB=C5=D4 hasher-priv.


--=20
ldv

--V0207lvV8h4k8FAm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkfrvDgACgkQfKvmrJ41Nh6KkwCgv/eY8bhQQngiqLVVL3tE56DT
u5sAnip6aehWWlZwjp4gLMMMwmp46g9n
=6bvf
-----END PGP SIGNATURE-----

--V0207lvV8h4k8FAm--