Re: Chroot and X-Window applications

From: Barry Margolin (barry.margolin_at_level3.com)
Date: 05/15/03

  • Next message: all mail refused: "Re: Keon ?" 
    Date: Thu, 15 May 2003 14:42:31 GMT

    In article <slrnbc6h8m.dao.Julien.Salgado@io.fluxus.net>,
    Julien Salgado <Julien.Salgado@f_r_e_e_f_r.ignore.invalid> wrote:
    >Erwan Becquet wrote :
    >> Hi everybody,
    >
    >Hi,
    >
    >> I have a strange problem, I want to start programs
    >> from a chrooted tree. It works perfectly with non-x
    >> apps. But with X apps (emacs for example), I have an
    >> error "Cant Connect to X Server on :0". Same work
    >> perfecly without chroot.
    >>
    >> I think X-Window use some special place of the filesystem
    >> but I cant find what.
    >
    >X needs a socket either a unix socket (Sometihng like /tmp/.X11-unix/X0)
    >or a TCP/IP socket. The connection to :0 is refering to the latter.

    Are you sure? I think :0 uses the Unix-domain socket, while <hostname>:0
    would use the network.

    >> Has someone already encounter a similar problem ? Or maybe
    >> someone has a deep knowledge of X-Window mechanisms and could
    >> help me ?
    >
    >Normally it should work, but chrooting an X application is only usefull
    >if X is completely chrooted (i.e. an X client is not accessing a X
    >server outside the chroot). So you will have to included a large amount
    >of library and binary in your chroot.

    If it got far enough to give him a "Can't connect" message, the libraries
    must have been loaded successfully (maybe it's statically linked). 

    -- 
Barry Margolin, barry.margolin@level3.com
Genuity Managed Services, a Level(3) Company, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
  • Next message: all mail refused: "Re: Keon ?"

    Relevant Pages

    • Chroot and X-Window applications
      ... I have a strange problem, ... from a chrooted tree. ... But with X apps, ... I tried with a chroot on / and it works. ...
      (comp.security.unix)
    • Re: Chroot and X-Window applications
      ... > I have a strange problem, ... But with X apps, ... > I tried with a chroot on / and it works. ... Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK ...
      (comp.security.unix)
    • Re: bug in libc6
      ... > | install it into it's own little chroot containing whatever old libraries ... > Before I go off and do this, it occurs to me that running an X server ... > in chroot might be problematic. ... one machine and your apps on another. ...
      (Debian-User)
    • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
      ... You may filter out worms and script kiddies this way but in the end you are using obscurity (of filesystem layout, what the policy allows, how the apps are configured, etc) for security, which again, leads to a false sense of security. ... I was paying attention, thank you. ... So it may not be able to chroot during runtime but if you can't be sure that it starts in the chroot the argument still applies. ...
      (Linux-Kernel)
    • Re: BUG? atleast >=2.6.19-rc5, x86 chroot on x86_64
      ... for 10 days, and then chroot in, run ... the 32bit apps, and within hours of using, hardlock. ... Early AMD K8 platforms had a hardware bug that could have caused ...
      (Linux-Kernel)