guardianproject / lildebi

UNMAINTAINED please adopt! we can no longer maintain this
https://guardianproject.info/code
GNU General Public License v3.0

apt-get does not work when _apt sandbox user exists in Ubuntu 16.04 #207

Open ghost opened 8 years ago

ghost commented 8 years ago

This issue was a real pain. First I was getting a "permission denied" socket error, "temporarily can't resolve blah", when trying apt-get update. I tried so many different things. My one theory was that there was a conflict between Ubuntu names/groups and Android names/groups. So I backed up passwd, group and gshadow, removed everything inside them except for root. Then I ran apt-get update and it worked perfectly.

Then I did diffs on the files, and painstakingly merged the old entries back in, making sure there were no UID and GID conflicts and no duplicates. I found a few common users/groups. But they likely would not have been created as duplicates by android-permissions.deb.

Anyway, after putting all the users and groups back, I discovered that apt-get was broken again.

Then finally I figured out it's the _apt user, which is used for an apt sandbox. Adding the _apt user to the inet (GID 3003) group did not help, and disabling SELinux did not help either. This issue occurred with Ubuntu 16.04 on CM 13 Android 6.0.1, kernel 3.4 and SELinux.

Workaround: simply remove the _apt user. Apt can function without sandboxing.

mehakimz commented 7 years ago

It's better to keep _apt (the sandbox user) in passwd and simply change its group ID from 65534 (nogroup) to 3003 (inet), based on the kali-nethunter dev's suggestion:

_apt:x:118:3003::/nonexistent:/bin/false

See main thread

ghost commented 7 years ago

Thanks bro! Will try it next time

ghost commented 7 years ago

I guess we should leave this issue open until someone does a pull that runs sed -i 's/_apt:x:104:65534/_apt:x:104:3003/g' /etc/passwd after install.

And includes this script for use with AfWall+:

# AfWall+ custom script: let the chroot's _apt UID (104 here; check the UID in
# your own /etc/passwd, other installs allocate e.g. 118) out over Wi-Fi.
IPTABLES=/system/bin/iptables
APT_UID=104
$IPTABLES -A afwall-wifi -m owner --uid-owner $APT_UID -j ACCEPT || exit
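The two fixes above (mehakimz's passwd change and the sed/AfWall+ pair in the last comment) both hard-code the UID apt happened to allocate, which differs between installs (118 in one comment, 104 in the other), and a sed pattern that does not match silently does nothing. The script below is an added example, not code from lildebi or from anyone in this thread: it edits the _apt entry by user name instead of by UID, checks that the target GID actually exists in the chroot's /etc/group, and derives the AfWall+ rule from the same passwd file so the iptables owner match cannot drift from the real UID. The reason the primary GID matters, rather than supplementary membership in inet, is that apt's privilege drop resets the sandbox process's group list to the primary group alone, so only that GID is visible to Android's paranoid-network check. The file paths, the group name "inet" and the sample passwd/group contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example for the lildebi _apt issue; not project code.
# Usage inside the chroot:  sh fix_apt_gid.sh [/etc/passwd] [/etc/group] [3003]

# apt_uid PASSWD_FILE -> UID of _apt (empty if the user does not exist)
apt_uid() {
    awk -F: '$1 == "_apt" { print $3 }' "$1"
}

# apt_gid PASSWD_FILE -> current primary GID of _apt
apt_gid() {
    awk -F: '$1 == "_apt" { print $4 }' "$1"
}

# gid_name GROUP_FILE GID -> group name owning GID (empty if none), so we can
# refuse to point _apt at a GID that android-permissions.deb never created.
gid_name() {
    awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"
}

# set_apt_gid PASSWD_FILE GID
# Rewrites only field 4 of the _apt line; every other line and field passes
# through byte-for-byte. Idempotent, and the file is replaced atomically.
set_apt_gid() {
    passwd_file=$1
    gid=$2
    tmp="$passwd_file.tmp.$$"
    awk -F: -v OFS=: -v gid="$gid" '
        $1 == "_apt" { $4 = gid }
        { print }
    ' "$passwd_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv "$tmp" "$passwd_file"
}

# afwall_rule PASSWD_FILE -> the AfWall+ custom-script line for this install.
# afwall-wifi is AfWall+'s own chain; the UID comes from passwd, not a constant.
afwall_rule() {
    uid=$(apt_uid "$1")
    [ -n "$uid" ] || return 1
    printf '/system/bin/iptables -A afwall-wifi -m owner --uid-owner %s -j ACCEPT\n' "$uid"
}

# fix_apt_sandbox PASSWD_FILE GROUP_FILE GID -> 0 on success, 1 if the
# preconditions (user present, GID defined) fail; prints what it did.
fix_apt_sandbox() {
    passwd_file=$1; group_file=$2; gid=$3
    [ -n "$(apt_uid "$passwd_file")" ] || { echo "no _apt user in $passwd_file" >&2; return 1; }
    name=$(gid_name "$group_file" "$gid")
    [ -n "$name" ] || { echo "GID $gid is not defined in $group_file" >&2; return 1; }
    set_apt_gid "$passwd_file" "$gid" || return 1
    echo "_apt now has primary group $name ($gid); AfWall+ rule:"
    afwall_rule "$passwd_file"
}

# Demo on constructed copies, so running this file never touches the real
# /etc/passwd. Pass real paths as arguments to apply it for real.
if [ $# -eq 0 ]; then
    demo_passwd=$(mktemp); demo_group=$(mktemp)
    printf 'root:x:0:0:root:/root:/bin/bash\n_apt:x:118:65534::/nonexistent:/bin/false\n' > "$demo_passwd"
    printf 'root:x:0:\ninet:x:3003:\nnogroup:x:65534:\n' > "$demo_group"
    fix_apt_sandbox "$demo_passwd" "$demo_group" 3003
    rm -f "$demo_passwd" "$demo_group"
else
    fix_apt_sandbox "${1:-/etc/passwd}" "${2:-/etc/group}" "${3:-3003}"
fi
```

Run it with no arguments to see the result on the constructed files; with `/etc/passwd /etc/group 3003` inside the chroot it performs the real edit and prints the matching AfWall+ line. The GID check is what distinguishes this from the bare sed: if android-permissions.deb is not installed there is no inet group to point at, and the script says so instead of producing a passwd entry with an undefined group.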