1

I recently changed my OS from openSUSE to CentOS. A part of that transition was migrating my chroot jails and schroot configuration. That transition does however not seem to be "plug and play". I used to be able to use schroot as my user "richard", but on CentOS only the root user is able to use schroot.

This is higly inconvenient since operations that were quick and easy now require password input. Is there a configuration that I can change to allow the richard user to use schroot?

Example

$ schroot -c kanos date
E: kanos-247a7d6f-8a4e-4ac2-8d5a-99ce7d66b8a3: Failed to lock chroot:/var/lib/schroot/session/kanos-247a7d6f-8a4e-4ac2-8d5a-99ce7d66b8a3: Failed to write session file: Permission denied

$ sudo schroot -c kanos date
Fri Apr 10 11:43:53 GMT 2015

Note: I have attempted to change the permissions on /var/lib/schroot/session/ and /var/lib/schroot/mount/, to give the richard user access. Schroot did not like that and complained that only root should have access.

$ schroot -c kanos date
E: 10mount: mount: only root can use "--bind" option
E: 10mount: /etc/schroot/setup.d/10mount: line 52: /var/lock/schroot/umount: Permission denied
E: kanos-92acb0de-f663-4bd0-a6b6-9bbe9771b454: Chroot setup failed: stage=setup-start

System info

CentOS Linux release 7.0.1406 (Core)
schroot-1.6.5-5.el7.x86_64

Configuration

[kanos]
description=kanos build server jail
type=directory
directory=/var/chroot/kanos
users=richard
groups=richard
root-users=root
root-groups=root
personality=linux32
preserve-environment=true
Richard Dungal
  • 41
  • 2
  • 6
  • what is your SELinux set to? What does sestatus return? – Droopy4096 Apr 10 '15 at 15:33
  • $ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 – Richard Dungal Apr 10 '15 at 15:53
  • Sorry about the clustered response. I cant seem to get this thing to add line breaks. – Richard Dungal Apr 10 '15 at 15:57
  • in other words selinux is enabled. Which is a good thing. However you may want to drop it into "permissive" mode to test whether that can give you your desired functionality back. If it does - I can provide answer to question on how to tune SELinux to get functionality back – Droopy4096 Apr 10 '15 at 16:05
  • Changing to permissive mode did not affect the outcome. – Richard Dungal Apr 13 '15 at 11:13
  • $ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 – Richard Dungal Apr 13 '15 at 11:13
  • I was getting nowhere with this issue. Gave up on CentOS, and switched my OS to Fedora. schroot is working fine there. – Richard Dungal Apr 21 '15 at 17:19

1 Answers1

2

I met the same issue and found the solution. You need to set the setuid root to the schroot executable file. The step is shown below.

  1. cd /usr/bin
  2. sudo chmod 4755 schroot
  3. enjoy it.
masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Johnny Huang
  • 21
  • 2