linux.debian.user debian-user@lists.debian.org

#1
Hi,

I have an amd64 install of debian with a 32bit chroot for a couple of apps. This works great, but I have a question.

Is it possible to have an application inside the 32bit chroot launch an application on my main 64 bit system? (e.g. a photo browsing program in the 32bit chroot launching gimp, which is installed in my main 64 bit system). I currently launch my 32bit programs with schroot and am hoping I can set something to make specific programs outside the chroot available...

I cannot think of how this can be achieved, so any ideas are welcomed.

Regards,
Anton

--
Anton Piatek
email: anton@piatek.co.uk
blog/photos: http://www.strangeparty.com
pgp: [0xB307BAEF] (http://tastycake.net/~anton/anton.asc)
fingerprint: 116A 5F01 1E5F 1ADE 78C6 EDB3 B9B6 E622 B307 BAEF

#2
On Sat, Jan 20, 2007 at 05:47:36PM +0000, Anton Piatek wrote:
> Hi,
> I have an amd64 install of debian with a 32bit chroot for a couple of apps.
> This works great, but I have a question.
>
> Is it possible to have an application inside the 32bit chroot launch an
> application on my main 64 bit system? (e.g. a photo browsing program in the
> 32bit chroot launching gimp, which is installed in my main 64 bit system).
> I currently launch my 32bit programs with schroot and am hoping I can set
> something to make specific programs outside the chroot available...
>
> I cannot think of how this can be achieved, so any ideas are welcomed.
>

I've never played with chroot but if you add ssh to the chroot could you ssh the main box from within the chroot? If so, you could set up ssh with public-key so no passwords were required and it would be transparent.

I wonder.

Doug.

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

#3
On Jan 20, 2007, at 2:37 PM, Douglas Allan Tutty wrote:
> On Sat, Jan 20, 2007 at 05:47:36PM +0000, Anton Piatek wrote:
>> Hi,
>> I have an amd64 install of debian with a 32bit chroot for a couple of apps.
>> This works great, but I have a question.
>>
>> Is it possible to have an application inside the 32bit chroot launch an
>> application on my main 64 bit system? (e.g. a photo browsing program in the
>> 32bit chroot launching gimp, which is installed in my main 64 bit system).
>> I currently launch my 32bit programs with schroot and am hoping I can set
>> something to make specific programs outside the chroot available...
>>
>> I cannot think of how this can be achieved, so any ideas are welcomed.
>>
>
> I've never played with chroot but if you add ssh to the chroot could you
> ssh the main box from within the chroot? If so, you could set up ssh
> with public-key so no passwords were required and it would be
> transparent.
>
> I wonder.
>
> Doug.

That might work. Here's another way that might be a little less resource intensive but would require some development effort to package-up for easy use:

Create a named-pipe (also called "fifo" -- see "man fifo") in the /tmp directory of the chroot area. This will be available to the 32-bit processes inside the chroot and also to the 64-bit processes (because the chroot area is a subset of the main 64-bit file-system space). Write to it in the 32-bit area and read from it in the 64-bit area. If you need full-duplex communication, you'll have to have two pipes (I think.)

I haven't tried it myself, but it should work.

Rick
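
A sketch of the host-side (64-bit) reader for the named-pipe approach described above, as an added example that is not part of the original thread. It treats each line from the chroot as untrusted input: only allowlisted programs are started, and the file path is mapped to the host view and confined to the chroot tree. The chroot location, FIFO name, allowlist and tab-separated request format are all assumptions.

```python
import os
import stat
import subprocess

# Assumed layout (not from the thread). Create the FIFO beforehand with:
#   mkfifo -m 600 /srv/chroot/ia32/tmp/launch.fifo
CHROOT = "/srv/chroot/ia32"
FIFO = os.path.join(CHROOT, "tmp/launch.fifo")
ALLOWED = {"gimp": "/usr/bin/gimp"}  # request name -> absolute host binary


def build_command(line, chroot=CHROOT, allowed=ALLOWED):
    """Turn one request 'name<TAB>path-inside-chroot' into an argv list.

    Returns None unless the name is allowlisted and the path is an
    existing regular file located inside the chroot tree.
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 2 or parts[0] not in allowed:
        return None
    name, inner = parts
    if not inner.startswith("/") or "\0" in inner:
        return None
    # Map the chroot path to the host view, then resolve '..' and symlinks.
    # Absolute symlinks made inside the chroot resolve against the host
    # root here, so they land outside the tree and are rejected.
    root = os.path.realpath(chroot)
    host = os.path.realpath(os.path.join(root, inner.lstrip("/")))
    if os.path.commonpath([root, host]) != root or not os.path.isfile(host):
        return None
    # host is absolute, so it can never be mistaken for a '-option'.
    return [allowed[name], host]


def serve(fifo=FIFO):
    """Read requests forever; run this as the desktop user, never as root."""
    st = os.stat(fifo)
    private = st.st_uid == os.getuid() and not (st.st_mode & 0o077)
    if not stat.S_ISFIFO(st.st_mode) or not private:
        raise SystemExit(f"{fifo}: must be a FIFO owned by this user, mode 0600")
    while True:
        with open(fifo) as requests:        # blocks until a writer opens it
            for line in requests:
                argv = build_command(line)
                if argv:
                    subprocess.Popen(argv)  # argv list, no shell involved


if __name__ == "__main__":
    serve()
```

A process inside the chroot would request a launch by writing a line such as `gimp<TAB>/home/anton/a.jpg` to `/tmp/launch.fifo`; anything that fails validation is silently dropped.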

#4
On Sat, Jan 20, 2007 at 04:21:19PM -0500, Rick Thomas wrote:
>
> On Jan 20, 2007, at 2:37 PM, Douglas Allan Tutty wrote:
>
> >On Sat, Jan 20, 2007 at 05:47:36PM +0000, Anton Piatek wrote:
> >>Hi,
> >>I have an amd64 install of debian with a 32bit chroot for a couple of apps.
> >>This works great, but I have a question.
> >>
> >>Is it possible to have an application inside the 32bit chroot launch an
> >>application on my main 64 bit system? (e.g. a photo browsing program in the
> >>32bit chroot launching gimp, which is installed in my main 64 bit system).
> >>
> >
> >I've never played with chroot but if you add ssh to the chroot could you
> >ssh the main box from within the chroot? If so, you could set up ssh
> >with public-key so no passwords were required and it would be
> >transparent.
>
> That might work. Here's another way that might be a little less
> resource intensive but would require some development effort to
> package-up for easy use:
>
> Create a named-pipe (also called "fifo" -- see "man fifo") in the /tmp
> directory of the chroot area. This will be available to the 32-bit
> processes inside the chroot and also to the 64-bit processes
> (because the chroot area is a subset of the main 64-bit file-system
> space). Write to it in the 32-bit area and read from it in the 64-bit
> area. If you need full-duplex communication, you'll have to have
> two pipes (I think.)

Here's another idea. Can you symlink from inside to outside the chroot? Maybe a link like /chroot/usr/bin/gimp --> /realroot/usr/bin/gimpwrapper.sh and then set up gimpwrapper.sh to reset the paths to point to 64 bit libs and then launch gimp.

Just a thought.

A

#5
On Jan 20, 2007, at 5:55 PM, Andrew Sackville-West wrote:
> can you symlink from inside to outside the
> chroot?

Fraid not. The kernel evaluates the symlink's destination in the environment it came from.

Rick

#6
Anton Piatek <anton@piatek.co.uk> writes:
> I have an amd64 install of debian with a 32bit chroot for a couple of
> apps. This works great, but I have a question.
>
> Is it possible to have an application inside the 32bit chroot launch
> an application on my main 64 bit system? (e.g. a photo browsing
> program in the 32bit chroot launching gimp, which is installed in my
> main 64 bit system). I currently launch my 32bit programs with
> schroot and am hoping I can set something to make specific programs
> outside the chroot available...
>
> I cannot think of how this can be achieved, so any ideas are
> welcomed.

root can break out of a chroot environment, so if you wrote a small program to break out of the chroot, switch back to the original user, then run another program, it would do roughly what you're asking for. It might also completely destroy security on your system, so if I were you I would think a lot harder than I have before doing that.

Here's a program that seems to work for me. In the 10 minutes I've been thinking about it, I haven't found any glaring security problems, apart from allowing any user on the system to break out of a chroot.

    #include <sys/types.h>
    #include <sys/stat.h>
    #include <unistd.h>
    #include <stdio.h>
    #include <stdlib.h>

    void die(char *why) {
        perror(why);
        exit(1);
    }

    int main(int argc, char *argv[]) {
        struct stat st, last_st;
        int i;

        /* A program name is required; without it argv[0] would be NULL below. */
        if (argc < 2) {
            fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
            exit(1);
        }

        if (chroot("/tmp") == -1) die("chroot failed");
        if (stat(".", &st) == -1) die("stat . failed");
        if (stat("..", &last_st) == -1) die("stat .. failed");
        /* Walk up until "." and ".." are the same directory. */
        while ((st.st_dev != last_st.st_dev) || (st.st_ino != last_st.st_ino)) {
            if (chdir("..") == -1) die("chdir failed");
            st = last_st;
            if (stat("..", &last_st) == -1) die("stat .. failed");
        }
        if (chroot(".") == -1) die("chroot failed");

        /* Switch back to the invoking user; never exec if that fails. */
        if (setreuid(getuid(), getuid()) == -1) die("setreuid failed");

        /* Shift arguments over 1 to make room for NULL. */
        for (i = 0; i < argc - 1; i++) argv[i] = argv[i + 1];
        argv[argc - 1] = NULL;
        execvp(argv[0], argv);
        die("exec failed");
        return 1;
    }