Porteus

Posted: **08 Jun 2017, 04:10**

julian2407 wrote:what version of the kernel to download here have config_ipc_ns = y,

Excuse me but what version of Porteus are you using? What arch, 64 bit or 32 bit? What kernel are you using? Did you use USM to download firetool/firejail?

Posted: **08 Jun 2017, 23:02**

Porteus most recent kernel (000-kernel.xzm and vmlinuz),
which is gotten on the http://dl.porteus.org/x86_64/kernel/porteus-4.10.8/ ,
is not set CONFIG_IPC_NS in its config.

Thanks.

Posted: **09 Jun 2017, 01:41**

New "updated kernel Example" v4.9.31, v4.4.71 and v3.18.56 were offered.
Please refer to http://forum.porteus.org/viewtopic.php? ... 779#p52232

The kernel of Porteus ISO can be update to version v4.9.31/v4.4.71/v3.18.56 without compiling.

Note1:
The "Kernel Builder" prototype config of every version line is set CONFIG_IPC_NS=y.
And configs of offered "updated kernel Examples" are set CONFIG_IPC_NS=y too.

Note2:
sha256sums.asc in kernel source database might be not updated,
and then "Kernel Builder" download will be fault.
On the case, please download by manual.

--------------------------------------------------------------------------------
[How to update the kernel of Porteus ISO]
Please refer to the example of "kernel 4.9.23".
http://forum.porteus.org/viewtopic.php? ... =60#p54648

Thanks

Posted: **10 Jun 2017, 03:02**

Porteus cannot run with the recent kernel version.

AUFS patch is not yet updated.
Therefore stable version 4.11 line and mainline version 4.12-rc line cannot be used as Porteus kernel.
In the past, Brokenman has requested update to the AUFS developer.
And the developer responsed and updated.
But in the future it cannot be said that the developer will response.

What is the best answer for this problem ?
1. The AUFS patch will be maintained by Porteus members.
The men who have the kernel developing skill are needed.
2. Porteus will employ another overwrap mount system like overlay file system.
Already a trial is done.
It has some issues.
3. Porteus will be run on the other new method base.
There are many live distros.
In these there might be the best method that just fits Porteus.

Thanks.

Posted: **10 Jun 2017, 07:22**

This is sad news, neko

BTW, what's the consequence of Porteus not setting CONFIG_IPC_NS in its config?

Posted: **10 Jun 2017, 07:57**

neko wrote: Therefore stable version 4.11 line and mainline version 4.12-rc line cannot be used as Porteus kernel.

are you sure? http://aufs.sourceforge.net/

linux-4.x-rcN mainline supported and fully tested
linux-4.11 stable supported and fully tested

fulalas wrote:BTW, what's the consequence of Porteus not setting CONFIG_IPC_NS in its config?

it means that the sandboxing tool 'firejail' wont work or anything else that requires 'kernel namespaces'(NS) feature...

Posted: **10 Jun 2017, 08:37**

neko wrote: 3. Porteus will be run on the other new method base.
There are many live distros.
In these there might be the best method that just fits Porteus.

Thanks.

Sorry to sidetrack the thread but out of interest what base would you choose and what is your opinion of Systemd?

I ask as i value your opinion.

Posted: **10 Jun 2017, 09:41**

@ncmprhnsbl
Just now, I tried to get the 4.11 AUFS patch as following procedure.
Maybe I did something wrong.
Would you tell me how to get ?

Thanks.

Code: Select all

% cat get.aufs.patch
#!/bin/sh

mkdir auf
cd auf

git clone git://github.com/sfjro/aufs4-standalone.git aufs4-standalone.git
cd aufs4-standalone.git
git checkout origin/aufs4.11

mkdir ../a ../b
cp -r {Documentation,fs,include} ../b
rm ../b/include/uapi/linux/Kbuild 2>/dev/null || rm ../b/include/linux/Kbuild
cd ..
diff -rupN a/ b/ > ../aufs.patch

cat aufs4-standalone.git/*.patch >> ../aufs.patch

cd ../
rm -r auf

% ./get.aufs.patch
Cloning into 'aufs4-standalone.git'...
remote: Counting objects: 11576, done.
remote: Compressing objects: 100% (204/204), done.
remote: Total 11576 (delta 141), reused 232 (delta 86), pack-reused 11236
Receiving objects: 100% (11576/11576), 2.19 MiB | 566.00 KiB/s, done.
Resolving deltas: 100% (5453/5453), done.
error: pathspec 'origin/aufs4.11' did not match any file(s) known to git.
cp: cannot stat 'Documentation': No such file or directory
cp: cannot stat 'fs': No such file or directory
cp: cannot stat 'include': No such file or directory
rm: cannot remove '../b/include/linux/Kbuild': No such file or directory
cat: 'aufs4-standalone.git/*.patch': No such file or directory
rm: remove write-protected regular file 'auf/aufs4-standalone.git/.git/objects/pack/pack-bd1bb8bb1fe47f3f2b98376395a43ce6088584e0.idx'? y
rm: remove write-protected regular file 'auf/aufs4-standalone.git/.git/objects/pack/pack-bd1bb8bb1fe47f3f2b98376395a43ce6088584e0.pack'? y

Posted: **10 Jun 2017, 09:45**

ncmprhnsbl wrote:it means that the sandboxing tool 'firejail' wont work or anything else that requires 'kernel namespaces'(NS) feature...

Which translates to...? Sorry, but I'm totally ignorant on this respect

Posted: **10 Jun 2017, 10:28**

@Evan
I am sorry that I cannot respons a good answer to you.

1. "what base would you choose"
My poor knowledge on LINUX makes me work to search.
Maybe it will take enough time.

2. "what is your opinion of Systemd?"
I have used SYSTEMD in APorteus.

But I do not know it well.
And I do not use it effectively.
For example,
at the end process (reboot/shutdown) it try to do unmount the self running space.
I do not know how to stop this performance.

From APorteus experience, I think, SYSTEMD is easy to set booting environment.

Thanks.

Posted: **10 Jun 2017, 10:55**

No problem Neko , thank you for the reply and sorry to sidetrack the thread.

I wasn't sure if the idea of different base was just a passing thought or if you already had something of interest.

That was all

Posted: **10 Jun 2017, 10:58**

@fulalas
About "namespace", I do not remember what issue forced me set the "namespace" config.

In the article
http://forum.porteus.org/viewtopic.php? ... 277#p34856

2.2. Kernel v4.1.37
(3) config
2.5. Kernel v4.9
(3) config

Thanks.

Posted: **10 Jun 2017, 11:18**

@Evan
If AUFS updating stop, my first approach is that AUFS is replaced with overlayfs.
Already Porteus using overlayfs can be booted by a little modifying.
http://forum.porteus.org/viewtopic.php?f=75&t=6479

Thanks.

Posted: **10 Jun 2017, 13:04**

@neko
ok my mistake.. i see you used the aufs4.x-rcN branch patches for 4.11.3...
i would be surprised if further updates aren't forthcoming, just a matter of wait and see...
kernel version updates have become a little over prolific theses days...

fulalas wrote:Which translates to...?

Firejail is an easy to use SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities.

https://wiki.archlinux.org/index.php/Firejail
..explains it better than i can

Posted: **11 Jun 2017, 05:39**

Is there a command or script that indicates the status of CONFIG_IPC_NS in Porteus?

Porteus

Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder

Re: Porteus Kernel Builder