musl.md: replace proot mention with bubblewrap #610
Conversation
We should not suggest proot at all for that, because it is that cursed and mostly broken and not required on a void system since we have user namespaces enabled. I don't like to suggest

I think the only advantage

I wasn't aware of this. bubblewrap seems to work for me; shall I, instead of mentioning xbps-uunshare, just replace proot with bubblewrap then?

I think that would be preferable! Thanks c:
src/installation/musl.md
Outdated
| chroot using [umount(8)](https://man.voidlinux.org/umount.8). | ||
| #### PRoot | ||
| #### bubblewrap |
| #### bubblewrap | |
| #### Bubblewrap |
From the bubblewrap README it was not clear to me whether the official name is stylized with capital or lower "B" and as neither musl, nor glibc chroot section titles are capitalized, I chose the lowercase variant which seemed more likely based on the README. However, the README uses capital "B" in the title so indeed let's use that.
src/installation/musl.md
Outdated
| An alternative for unprivileged users is the | ||
| [bwrap(1)](https://man.voidlinux.org/bwrap) command which uses Linux namespaces | ||
| to run applications in a sandbox container. It can be installed via the | ||
| `bubblewrap` package. |
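Review bot: the man page link `https://man.voidlinux.org/bwrap` has no section suffix, unlike the `umount.8` link in the unchanged context above; use `https://man.voidlinux.org/bwrap.1` so both links follow the same convention.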
| An alternative for unprivileged users is the | |
| [bwrap(1)](https://man.voidlinux.org/bwrap) command which uses Linux namespaces | |
| to run applications in a sandbox container. It can be installed via the | |
| `bubblewrap` package. | |
| An alternative for unprivileged users is | |
| [bwrap(1)](https://man.voidlinux.org/bwrap.1), which uses Linux namespaces. It can be installed via the | |
| `bubblewrap` package. An example invocation is shown below: |
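Review bot: the new closing sentence "An example invocation is shown below:" points at an example that this hunk does not add, so the rendered paragraph would end on a dangling colon; either carry the fenced command in the same change (the thread already asks for at least `--dev /dev` and `--proc /proc`) or leave the sentence out until the example is in place.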
Then include an example of how to use it, since it's not always obvious, IMO.
I omitted an example invocation because from CONTRIBUTING I inferred that it's preferred that readers study the manual page and decide for themselves which options will best suit their needs. Anyway, if you have any experience with this utility, please propose some full example, as all I needed to do in my case was
$ bwrap --bind path/to/chroot / command
which seems too basic.
I think in this case the command is helpful, since what's desired from the tool isn't immediately obvious. I'd suggest adding --proc /proc and --dev /dev, at least.
Actually, I'm currently unable to get a container set up using
$ XBPS_TARGET_ARCH=x86_64 xbps-install -S -r /tmp/chroot -R https://... base-voidstrap
to work properly - I have used
$ bwrap --bind /tmp/chroot / --uid 0 --gid 0 --dev /dev --proc /proc --ro-bind /etc/resolv.conf /etc/resolv.conf sh
to chroot into it, but when I try to ping voidlinux.org, I get ping: socket: Operation not permitted. What am I missing?
Nevermind, apparently it's because of capabilities.
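The invocation worked out in the comments above, wrapped in a small POSIX sh script as an added example (not code from the pull request or from the void-docs project). It assumes the chroot was populated with xbps-install -S -r DIR -R REPO base-voidstrap as in the thread, that the chroot path contains no whitespace, and that the RESOLV_CONF variable and the function names are this example's own.

```shell
# Usage after sourcing:  enter_chroot /tmp/chroot sh

# Print the bwrap arguments for entering chroot "$1" and running the remaining
# arguments inside it. Returns 1 if the directory does not look like a chroot
# or no command was given. RESOLV_CONF overrides the host resolver file.
bwrap_chroot_args() {
    root=$1
    shift
    [ -d "$root/etc" ] || { echo "not a chroot: $root" >&2; return 1; }
    [ $# -gt 0 ] || { echo "usage: bwrap_chroot_args DIR CMD..." >&2; return 1; }
    args="--bind $root / --dev /dev --proc /proc --tmpfs /tmp"
    # --uid 0 --gid 0 only maps the caller to root inside the new user
    # namespace. The process gains no capability in the host namespace, which
    # is why ping (raw socket, CAP_NET_RAW) fails with "Operation not permitted".
    args="$args --uid 0 --gid 0 --die-with-parent"
    # Share the host resolver configuration read-only so xbps-install can
    # reach the mirror from inside the chroot; skip it if the file is absent.
    resolv=${RESOLV_CONF:-/etc/resolv.conf}
    if [ -r "$resolv" ]; then
        args="$args --ro-bind $resolv /etc/resolv.conf"
    fi
    printf '%s %s' "$args" "$*"
}

# Heuristic check that this kernel allows user namespaces, which bwrap needs
# when it is not installed setuid (the Void default).
userns_enabled() {
    n=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    [ "$n" -gt 0 ]
}

# Enter the chroot, or explain why it cannot be entered.
enter_chroot() {
    userns_enabled || { echo "user namespaces are disabled on this kernel" >&2; return 1; }
    args=$(bwrap_chroot_args "$@") || return 1
    # shellcheck disable=SC2086  # intentional word splitting of the argument list
    bwrap $args
}
```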
Ping?

Sorry, I'm just busy lately, but I didn't forget. My last effort was to use

Ok, just checking! Can you share errors you got, if any? Given that torbrowser will probably use namespaces on its own, there might be some confusion.
Currently I'm getting
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.5
https://github.com/micahflee/torbrowser-launcher
Traceback (most recent call last):
File "/bin/torbrowser-launcher", line 30, in <module>
torbrowser_launcher.main()
File "/usr/lib/python3.10/site-packages/torbrowser_launcher/__init__.py", line 76, in main
common = Common(tor_browser_launcher_version)
File "/usr/lib/python3.10/site-packages/torbrowser_launcher/common.py", line 71, in __init__
self.init_gnupg()
File "/usr/lib/python3.10/site-packages/torbrowser_launcher/common.py", line 282, in init_gnupg
self.import_keys()
File "/usr/lib/python3.10/site-packages/torbrowser_launcher/common.py", line 367, in import_keys
imported = self.import_key_and_check_status(key)
File "/usr/lib/python3.10/site-packages/torbrowser_launcher/common.py", line 337, in import_key_and_check_status
with gpg.Context() as c:
File "/usr/lib/python3.10/site-packages/gpg/core.py", line 206, in __init__
self.protocol = protocol
File "/usr/lib/python3.10/site-packages/gpg/core.py", line 161, in __setattr__
super(GpgmeWrapper, self).__setattr__(key, value)
File "/usr/lib/python3.10/site-packages/gpg/core.py", line 885, in protocol
errorcheck(gpgme.gpgme_engine_check_version(value))
File "/usr/lib/python3.10/site-packages/gpg/errors.py", line 120, in errorcheck
raise GPGMEError(retval, extradata)
gpg.errors.GPGMEError: GPGME: Invalid crypto engine
@ericonr I believe this is ready for another review.
- based on the section of installation/musl
- remove proot
- add xchroot, xbps-uchroot, xbps-uunshare, and bwrap

supersedes:
- closes void-linux#300
- closes void-linux#610
@classabbyamp I see you are working on some changes rendering this pull request rather obsolete, can I close it then?

up to you, I haven't been able to test what i wrote fully yet
- based on the section of installation/musl
- remove proot
- add xchroot, xbps-uchroot, xbps-uunshare, and bwrap
- mention OCI containers

supersedes:
- closes void-linux#300
- closes void-linux#610
- based on the section of installation/musl
- remove proot
- add xchroot and bwrap
- mention OCI containers

supersedes:
- closes void-linux#300
- closes void-linux#610
- based on the section of installation/musl
- remove proot
- add xchroot and bwrap
- mention flatpak and OCI containers

supersedes:
- closes void-linux#300
- closes void-linux#610
Recently I needed to run a glibc dependent program on musl, preferably without having root privileges, and I had difficulties getting proot to work properly. It would have been useful to know about xbps-uunshare, because that worked out of the box, plus it is usually preinstalled on Void and no additional packages need to be installed.