IBM / ibmichroot

A set of scripts to facilitate the use of chroot-based containers for IBM i
MIT License

Python doesn't work in chroot #54

Closed pasquini79 closed 4 years ago

pasquini79 commented 5 years ago

Hi, I've configured chroot because some users need an SSH connection. Anyway, when the user is connected to the IBM i, it is impossible to run Python scripts due to this error:

chroot /QOpenSys/riskccg /QOpenSys/usr/bin/sh
python3
Could not load program python3:
Could not load module /QOpenSys/usr/lib/libpython3.4m.so.
Dependent module libutil.a(shr.o) could not be loaded.
Could not load module libutil.a(shr.o).
System error: No such file or directory
Could not load module python3.
Dependent module /QOpenSys/usr/lib/libpython3.4m.so could not be loaded.
Could not load module .

Is it possible to enable Python in the chroot folder? Thank you.

pasquini79 commented 5 years ago

The previous version of OPS included PYTHON.lst. Now it is no longer in yum :+1:

ls /QOpenSys/pkgs/lib/ibmichroot/config
chroot_bins.lst chroot_libs.lst chroot_PowerRuby.lst chroot_xlc.lst chroot_ZendServer6.lst
chroot_chown.sh chroot_minimal.lst chroot_system.lst chroot_ZendDBi-5.1.59.lst include.tar
chroot_includes.lst chroot_nls.lst chroot_template.lst chroot_ZendServer5.lst
$

pasquini79 commented 5 years ago

Hi, any news on this topic? Thank you.

kadler commented 5 years ago

The problem is that the old script did not copy in all the dependencies. Since these scripts were hand-written, they could get out of date with the dependencies as the software was updated with new capabilities (and new dependencies). You can manually copy in libutil.a from the root:

cp /QOpenSys/usr/lib/libutil.a /QOpenSys/riskccg/QOpenSys/usr/lib

However, it's advised to stop using OPS and move to yum instead. yum does all the dependency management for you, so once you've got the chroot set up, you can just use yum to install the software into it:

yum install --installroot /QOpenSys/riskccg python3
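
One way to check which libraries a chroot is missing, driven by loader output like that quoted in this thread. This is an added example, not part of the original thread or of the ibmichroot project; the function names, the optional HOST_ROOT argument, and the assumption that bare module names resolve under /QOpenSys/usr/lib are illustrative.

```shell
#!/bin/sh
# Added example, not part of ibmichroot. Reads loader errors on stdin and
# prints each library that exists on the host but not inside the chroot.
# Report only: nothing is copied.
#
# usage: missing_in_chroot CHROOT_DIR [HOST_ROOT] < loader_errors.txt
missing_in_chroot() {
    chroot_dir=${1%/}
    host_root=${2:-}                 # empty means the real root; settable for testing
    host_root=${host_root%/}
    libdir=/QOpenSys/usr/lib         # assumption: bare module names live here

    # Extract X from "Could not load module X." and
    # "Dependent module X could not be loaded."
    sed -n \
        -e 's/^Could not load module \(.*\)\.$/\1/p' \
        -e 's/^Dependent module \(.*\) could not be loaded\.$/\1/p' |
    sed -e 's/(.*)$//' |             # libutil.a(shr.o) -> libutil.a
    sort -u |
    while IFS= read -r mod; do
        case $mod in
            '') continue ;;          # "Could not load module ." carries no name
            /*) path=$mod ;;
            *)  path=$libdir/$mod ;;
        esac
        # Present on the host, absent in the chroot: this is the gap to close.
        if [ -e "$host_root$path" ] && [ ! -e "$chroot_dir$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# The error text from the issue above, for trying the function out.
sample_errors() {
    cat <<'EOF'
Could not load program python3:
Could not load module /QOpenSys/usr/lib/libpython3.4m.so.
Dependent module libutil.a(shr.o) could not be loaded.
Could not load module libutil.a(shr.o).
System error: No such file or directory
Could not load module python3.
Dependent module /QOpenSys/usr/lib/libpython3.4m.so could not be loaded.
Could not load module .
EOF
}

[ $# -eq 0 ] || missing_in_chroot "$@"
```

Names such as python3 that do not exist under the assumed library directory on the host are skipped, so only files that can actually be brought into the chroot are listed.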

pasquini79 commented 5 years ago

Hi, now it works. Anyway, a user with no *ALLOBJ is not able to run chroot in QSHELL:

chroot: cannot change root directory to '/QOpenSys/riskccg'

What can I authorize? Thank you.

kadler commented 5 years ago

chroot requires *ALLOBJ

pasquini79 commented 5 years ago

Hi, so there is no way to open a QSHELL setting chroot for a user with no *ALLOBJ?

kadler commented 5 years ago

Nope. The only way would be to use some tool which adopts *ALLOBJ authority first.

ThePrez commented 5 years ago

There is a way to have a non-*ALLOBJ user automatically placed in a chroot if they connect via SSH. This seems to not be documented in the project. (will open a separate issue)

The CHGUSRPRF nugget in this article is still relevant: https://www.mcpressonline.com/programming-other/general/techtip-ifs-containers-part-2-automation-with-ibm-i-chroot