From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vyt@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FUZZY_XPILL
	autolearn=no version=3.2.3
Message-ID: <47EBB051.9020001@altlinux.org>
Date: Thu, 27 Mar 2008 17:33:53 +0300
From: Vitaly Ostanin <vyt@altlinux.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20070804)
MIME-Version: 1.0
To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
References: <47EA65A8.7070905@altlinux.org>	<20080326151008.GA12004@wo.int.altlinux.org>	<47EA6AE7.8050503@altlinux.org>
	<20080326155235.GB12004@wo.int.altlinux.org>
In-Reply-To: <20080326155235.GB12004@wo.int.altlinux.org>
X-Enigmail-Version: 0.95.2
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigFBCA64F73A25F165B9BAB5F4"
Subject: Re: [sisyphus] hasher mount (was: hasher mknod)
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussions <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2008 14:34:21 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/47EBB051.9020001@altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFBCA64F73A25F165B9BAB5F4
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

Dmitry V. Levin =D0=C9=DB=C5=D4:
> On Wed, Mar 26, 2008 at 06:25:27PM +0300, Vitaly Ostanin wrote:
>> Dmitry V. Levin =D0=C9=DB=C5=D4:
>>> On Wed, Mar 26, 2008 at 06:03:04PM +0300, Vitaly Ostanin wrote:
>>>> =FA=C4=D2=C1=D7=D3=D4=D7=D5=CA=D4=C5.
>>>>
>>>> =F3=CB=C1=D6=C9=D4=C5, =D7 hasher =C5=D3=D4=D8 =D7=CF=DA=CD=CF=D6=CE=
=CF=D3=D4=D8 =D2=C1=DA=D2=C5=DB=C9=D4=D8 mknod =D7 chroot ? =F4=CF,
>>>> =DE=D4=CF =C4=C5=CC=C1=C5=D4 hsh-fakedev, =C4=CC=D1 =C9=D3=D0=CF=CC=D8=
=DA=CF=D7=C1=CE=C9=D1 =C4=D2=C1=CA=D7=C5=D2=CF=D7 nvidia =CE=C5 =C7=CF=C4=
=C9=D4=D3=D1.
>>> =F7 hasher-priv =C5=D3=D4=D8 mount, =D7 =D3=CF=DE=C5=D4=C1=CE=C9=C9 =D3=
 /etc/hasher-priv/fstab =DC=D4=CF=C7=CF
>>> =C4=CF=CC=D6=CE=CF =C2=D9=D4=D8 =C4=CF=D3=D4=C1=D4=CF=DE=CE=CF.
>> =EB=C1=CB =D4=D1=D6=C5=CC=CF =D6=C1=CC=CB=CF=CD=D5 =DE=C5=CC=CF=D7=C5=DE=
=CB=D5 =CF=C2=DD=C1=D4=D8=D3=D1 =D3 =D7=D9=D3=DB=C9=CD =D2=C1=DA=D5=CD=CF=
=CD... =E9=CD=C5=C5=D4=D3=D1 =D7
>> =D7=C9=C4=D5 =CD=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 /dev ? =E7=C4=C5 =CD=
=CF=D6=CE=CF =D0=CF=D3=CD=CF=D4=D2=C5=D4=D8 =D0=D2=C9=CD=C5=D2=D9
>> /etc/hasher-priv/fstab =C4=CC=D1 =CE=C5 =D7=C9=D2=D4=D5=C1=CC=D8=CE=D9=
=C8 fs ?
>=20
> =F2=C1=DA=D5=CD=C5=C5=D4=D3=D1, =D7 /etc/fstab
>=20
> =F7=CF=D4 =D7=C1=CD =CE=C5=D3=CB=CF=CC=D8=CB=CF =C9=D3=CB=D5=D3=D3=D4=D7=
=C5=CE=CE=D9=CA, =CF=C4=CE=C1=CB=CF =D7=D0=CF=CC=CE=C5 =D2=C1=C2=CF=DE=C9=
=CA =D0=D2=C9=CD=C5=D2:
> $ grep ^/ /etc/hasher-priv/fstab
> /dev /dev/my bind bind
> $ /usr/libexec/hasher-priv/hasher-priv getconf |xargs -r grep ^allowed_=
mountpoints=3D
> allowed_mountpoints=3D/proc,/dev/pts,/dev/my
> $ hsh --ini
> $ chgrp -- `/usr/libexec/hasher-priv/hasher-priv getugid1 |cut -d: -f2`=
 ~/hasher/chroot/dev/my
> $ hsh-shell --mount=3D/dev/my

=ED=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =C6=C1=CA=CC=CF=D7 =D7 hasher =CE=C5=
 =DA=C1=D2=C1=C2=CF=D4=C1=CC=CF. =F7 /etc/hasher-priv/fstab
/dev/nvidia0    /dev/nvidia0            bind    bind          0 0

=F7 /etc/hasher-priv/user.d/vyt
allowed_mountpoints=3D/proc,/dev/nvidia0


$ touch ~/wine/chroot/dev/nvidia0
$ hsh-shell ~/wine --mount=3D/dev/nvidia0
hasher-priv: nvidia0: Not a directory

=ED=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =CB=C1=D4=C1=CC=CF=C7=CF=D7 =D7 hash=
er =D2=C1=C2=CF=D4=C1=C5=D4. =F7 'mount --bind' =D2=C1=C2=CF=D4=C1=C5=D4
=CD=CF=CE=D4=C9=D2=CF=D7=C1=CE=C9=C5 =C9 =C6=C1=CA=CC=CF=D7, =C9 =CB=C1=D4=
=C1=CC=CF=C7=CF=D7.

=ED=CF=D6=CE=CF =CE=C1=D5=DE=C9=D4=D8 hasher =CD=CF=CE=D4=C9=D2=CF=D7=C1=D4=
=D8 =C9 =C6=C1=CA=CC=D9 =D4=CF=D6=C5? =EF=D4=C4=C1=D7=C1=D4=D8 =D7=C5=D3=D8=
 /dev =D7
chroot =CB=C1=CB-=D4=CF =D3=D4=D2=C1=DB=CE=CF=D7=C1=D4=CF.

hasher-1.3.2-alt1
hasher-priv-1.2.11-alt1

> =F2=C1=DA=D5=CD=C5=C5=D4=D3=D1, =C9=CD=D1 /dev/my =D7=DA=D1=D4=CF =D0=D2=
=CF=C9=DA=D7=CF=CC=D8=CE=CF, =D7=CF=DA=CD=CF=D6=CE=D9=C5 =D3=CF=D7=D0=C1=C4=
=C5=CE=C9=D1 =D3=CC=D5=DE=C1=CA=CE=D9.

--=20
Regards, Vyt
mailto:  vyt@altlinux.org
JID:     vitaly.ostanin@gmail.com


--------------enigFBCA64F73A25F165B9BAB5F4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH67BW4uqsUQ7Y/CQRAszRAJ9pptrcl6VLvwUUfXmGRd51XlTi6wCdG87C
DIeL0JA9QLxs+ICTy5OYTok=
=CEhr
-----END PGP SIGNATURE-----

--------------enigFBCA64F73A25F165B9BAB5F4--