Porteus Kernel Builder

[Ed_P]

what version of the kernel to download here have config_ipc_ns = y,

Excuse me but what version of Porteus are you using? What arch, 64 bit or 32 bit? What kernel are you using? Did you use USM to download firetool/firejail?

[neko]

Porteus most recent kernel (000-kernel.xzm and vmlinuz),
which is gotten on the http://dl.porteus.org/x86_64/kernel/porteus-4.10.8/ ,
is not set CONFIG_IPC_NS in its config.

Thanks.

[neko]

New "updated kernel Example" v4.9.31, v4.4.71 and v3.18.56 were offered.
Please refer to http://forum.porteus.org/viewtopic.php? ... 779#p52232

The kernel of Porteus ISO can be update to version v4.9.31/v4.4.71/v3.18.56 without compiling.

Note1:
The "Kernel Builder" prototype config of every version line is set CONFIG_IPC_NS=y.
And configs of offered "updated kernel Examples" are set CONFIG_IPC_NS=y too.

Note2:
sha256sums.asc in kernel source database might be not updated,
and then "Kernel Builder" download will be fault.
On the case, please download by manual.

--------------------------------------------------------------------------------
[How to update the kernel of Porteus ISO]
Please refer to the example of "kernel 4.9.23".
http://forum.porteus.org/viewtopic.php? ... =60#p54648


Thanks

[neko]

Porteus cannot run with the recent kernel version.

AUFS patch is not yet updated.
Therefore stable version 4.11 line and mainline version 4.12-rc line cannot be used as Porteus kernel.
In the past, Brokenman has requested update to the AUFS developer.
And the developer responsed and updated.
But in the future it cannot be said that the developer will response.

What is the best answer for this problem ?
1. The AUFS patch will be maintained by Porteus members.
The men who have the kernel developing skill are needed.
2. Porteus will employ another overwrap mount system like overlay file system.
Already a trial is done.
It has some issues.
3. Porteus will be run on the other new method base.
There are many live distros.
In these there might be the best method that just fits Porteus.

Thanks.

[fulalas]

This is sad news, neko

BTW, what's the consequence of Porteus not setting CONFIG_IPC_NS in its config?

[ncmprhnsbl]

Therefore stable version 4.11 line and mainline version 4.12-rc line cannot be used as Porteus kernel.

are you sure? http://aufs.sourceforge.net/

linux-4.x-rcN mainline supported and fully tested
linux-4.11 stable supported and fully tested

BTW, what's the consequence of Porteus not setting CONFIG_IPC_NS in its config?

it means that the sandboxing tool 'firejail' wont work or anything else that requires 'kernel namespaces'(NS) feature...

[Evan]

3. Porteus will be run on the other new method base.
There are many live distros.
In these there might be the best method that just fits Porteus.

Thanks.

Sorry to sidetrack the thread but out of interest what base would you choose and what is your opinion of Systemd?

I ask as i value your opinion.

[neko]

@ncmprhnsbl
Just now, I tried to get the 4.11 AUFS patch as following procedure.
Maybe I did something wrong.
Would you tell me how to get ?

Thanks.

Code: Select all

% cat get.aufs.patch
#!/bin/sh

mkdir auf
cd auf

git clone git://github.com/sfjro/aufs4-standalone.git aufs4-standalone.git
cd aufs4-standalone.git
git checkout origin/aufs4.11

mkdir ../a ../b
cp -r {Documentation,fs,include} ../b
rm ../b/include/uapi/linux/Kbuild 2>/dev/null || rm ../b/include/linux/Kbuild
cd ..
diff -rupN a/ b/ > ../aufs.patch

cat aufs4-standalone.git/*.patch >> ../aufs.patch

cd ../
rm -r auf

% ./get.aufs.patch
Cloning into 'aufs4-standalone.git'...
remote: Counting objects: 11576, done.
remote: Compressing objects: 100% (204/204), done.
remote: Total 11576 (delta 141), reused 232 (delta 86), pack-reused 11236
Receiving objects: 100% (11576/11576), 2.19 MiB | 566.00 KiB/s, done.
Resolving deltas: 100% (5453/5453), done.
error: pathspec 'origin/aufs4.11' did not match any file(s) known to git.
cp: cannot stat 'Documentation': No such file or directory
cp: cannot stat 'fs': No such file or directory
cp: cannot stat 'include': No such file or directory
rm: cannot remove '../b/include/linux/Kbuild': No such file or directory
cat: 'aufs4-standalone.git/*.patch': No such file or directory
rm: remove write-protected regular file 'auf/aufs4-standalone.git/.git/objects/pack/pack-bd1bb8bb1fe47f3f2b98376395a43ce6088584e0.idx'? y
rm: remove write-protected regular file 'auf/aufs4-standalone.git/.git/objects/pack/pack-bd1bb8bb1fe47f3f2b98376395a43ce6088584e0.pack'? y

[fulalas]

it means that the sandboxing tool 'firejail' wont work or anything else that requires 'kernel namespaces'(NS) feature...

Which translates to...? Sorry, but I'm totally ignorant on this respect

[neko]

@Evan
I am sorry that I cannot respons a good answer to you.

1. "what base would you choose"
My poor knowledge on LINUX makes me work to search.
Maybe it will take enough time.

2. "what is your opinion of Systemd?"
I have used SYSTEMD in APorteus.

But I do not know it well.
And I do not use it effectively.
For example,
at the end process (reboot/shutdown) it try to do unmount the self running space.
I do not know how to stop this performance.

From APorteus experience, I think, SYSTEMD is easy to set booting environment.

Thanks.

[Evan]

No problem Neko , thank you for the reply and sorry to sidetrack the thread.

I wasn't sure if the idea of different base was just a passing thought or if you already had something of interest.

That was all

[neko]

@fulalas
About "namespace", I do not remember what issue forced me set the "namespace" config.

In the article
http://forum.porteus.org/viewtopic.php? ... 277#p34856

2.2. Kernel v4.1.37
(3) config
2.5. Kernel v4.9
(3) config

Thanks.

[neko]

@Evan
If AUFS updating stop, my first approach is that AUFS is replaced with overlayfs.
Already Porteus using overlayfs can be booted by a little modifying.
http://forum.porteus.org/viewtopic.php?f=75&t=6479

Thanks.

[ncmprhnsbl]

@neko
ok my mistake.. i see you used the aufs4.x-rcN branch patches for 4.11.3...
i would be surprised if further updates aren't forthcoming, just a matter of wait and see...
kernel version updates have become a little over prolific theses days...

Which translates to...?

Firejail is an easy to use SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities.

https://wiki.archlinux.org/index.php/Firejail
..explains it better than i can

[Ed_P]

Is there a command or script that indicates the status of CONFIG_IPC_NS in Porteus?