Closed personalizedrefrigerator closed 2 years ago
proot does not handle file ownership and it's incorrectly handled. intended behavior
You may want to check #140 for use of ownership in proot
. while performance may or may not be noticable. there may be more issues with this feature
proot does not handle file ownership and it's incorrectly handled. intended behavior
You may want to check #140 for use of ownership in
proot
. while performance may or may not be noticable. there may be more issues with this feature
Makes sense! Thank you!
Also, I'll add that proot is not security sandbox, only compatibility one, so it cannot guarantee containment of programs executed inside it in either configuration
intended behavior
What are intended behaviors? be Can this intended behavior be elaborated upon please?
intended behavior
Can this intended behavior be elaborated upon please?
As I've previously noted goal of proot is compatibility and unless some program someone wants to run in proot relies on being unable to write to these directories it is not considered a bug
The no-ownership-keeping behavior of proot was there already when I've took over it and I think it is good enough for compatibility needs and doesn't justify added complexity (although there is support for that in USERLAND
builds, this isn't default, both because that isn't generally needed for compatibility as well as there was no clear migration path for adding such feature to already installed rootfs
-s)
no-ownership-keeping behavior of proot was there already when I've took over it and I think it is good enough for compatibility needs and doesn't justify added complexity
I agree; For example DOS OS and later Windows32 justified not adding complexity. It worked!
not considered a bug
Neither was it considered a DOS bug. Thank you for replying. Who owns the proot files? I take it it it PRoot, unless we consider upstream.
linux group user ?
root
whenroot
,user
whenuser
The logins vary? Who is radio
? Who is system
?
I would ask who root
is, but I would like to know more about the fake permission hiearchy please?
I would ask who root is, but I would like to know more about the fake permission hiearchy please?
The metadata of ownership and permission file index is stored in hidden .proot-meta-file.file
so once proot
ed guest system is initiated ownership and permissions will be applied from the metafiles
this would increase a very small amounts of space and a number of files (unless can be hidden with -H
) and performance may decrease when writing file information before it's properties are changed and ownership is now being applied, whenever who logins as user they can't access or write somebody's files that isn't owned by theirs
This is the problem when updating proot
with such support while somebody have guest system installed would crumple their installation for not having proper ownership
.proot-meta-file.file
Thank you for your answer @wmcbtech30; I managed to find issue, "enhance the link2symlink with a log file named $PROOT_L2S_LOG #186" issue which shares a little more information following up on your reply.
proot does not handle file ownership and it's incorrectly handled. intended behavior
Do I understand you correctly @wmcbtech30 ?
"PRoot does not handle file ownership, and this is intended behavior."
proot is not security sandbox, only compatibility one, so it cannot guarantee containment of programs executed inside it in either configuration
Thank you for replying; As far as I see, there is none. PATH
sandboxes, but this is irrelevant. What about binds? Can someone explain the binds aspect a little more, and how binds is relevant to PATH
please?
program needs path = it is sandboxed
program needn't path = it is sandboxed NOT
It looks like this is breaking chrome
and electron
-based apps:
The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/mesozoic/Programming/joplin/packages/app-desktop/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.
I get a similar error when attempting to launch chromium
(I'm running manjaro-aarch64
within proot-distro
).
The current workaround is passing --no-sandbox
flag to chromium and it's friends
Problem description
Many folders directly in
/
are writable by any user. I'm not sure if this is aproot
issue or aproot-distro
issue (or if this is really a feature request!).Steps to reproduce
Verbose output: log.txt
Expected behavior
/root
and/etc
should always be listed as owned byroot
.Additional information