support for termux #26

Open
FZXO11 opened this issue Dec 9, 2024 · 11 comments

FZXO11 commented Dec 9, 2024

Hello, I hope you are doing well.

I am interested in your project and want to ask whether you can port it to Termux (Linux terminal for Android). We have been using chroot/proot for a long time. chroot works well for root users, and proot works for non-root users, but it is really slow compared to chroot. If you can port Lxroot to Termux, it will be a game changer.
Don't worry about the fakeroot pkg; we have it.

Cheers

Owner

parke commented Dec 9, 2024

Thank you for contacting me.

Have you tried simply compiling Lxroot inside of Termux?

If yes, did Lxroot compile successfully?

If yes, did Lxroot run?

If yes, did Lxroot run successfully?

My expectation is that Lxroot will, very probably, compile and run as-is (i.e. without modification) on any reasonably recent Linux kernel. So the first thing I would try is just compiling and running Lxroot inside of Termux.

If you want me to try to compile and run Lxroot inside of Termux, then do you know if I can run Termux in QEMU? If yes, is there a guide to running Termux in QEMU?

Author

FZXO11 commented Dec 9, 2024

@parke thx for the quick reply.
It didn't compile:
./lxroot.cpp:503:29: error: use of undeclared identifier 'get_current_dir_name'
./lxroot.cpp:403:29: error: no member named 'fgetpwent' in the global namespace

I guess it's because Termux is Bionic-based. I also noticed that unistd.h is the modified Android one, not the normal Linux one.

Run Termux in QEMU? No, you can't; you need to emulate the whole Android system: BlueStacks for Windows and Waydroid for Linux.

Author

FZXO11 commented Dec 9, 2024

Btw, other tools like bwrap, unshare, uchroot, and rootlesskit compiled successfully and run, but not successfully. unshare and bwrap are prebuilt pkgs in Termux but need root.

Owner

parke commented Dec 9, 2024

> It didn't compile
> ./lxroot.cpp:503:29: error: use of undeclared identifier 'get_current_dir_name'
> ./lxroot.cpp:403:29: error: no member named 'fgetpwent' in the global namespace

get_current_dir_name appears to be part of glibc, and I can probably avoid using it.

fgetpwent appears to be from SVr4, and not part of any standard. I can probably avoid using it, too.

(Musl libc must provide them both, as I regularly build Lxroot in an Alpine Linux userland.)

So basically, I would (or you would) need to either (a) "port" Lxroot to the Bionic C library, or (b) statically compile Lxroot on a different system (this would avoid using Bionic altogether). Both are possible.

> Btw, other tools like bwrap, unshare, uchroot, and rootlesskit compiled successfully and run, but not successfully. unshare and bwrap are prebuilt pkgs in Termux but need root.

Interesting. If unshare as non-root fails, then Lxroot as non-root will probably also fail. It would be interesting to know why unshare is failing. One possibility is that Android has disabled unprivileged user namespaces in the Linux kernel. I'm not sure if they are disabled at run-time and/or at compile time. I'm also not sure how to check whether or not they are enabled (other than by trying to use them and subsequently failing, as Lxroot, bwrap, and unshare all do).

The below link might help you investigate if unprivileged namespaces are disabled.

https://unix.stackexchange.com/questions/303213/how-to-enable-user-namespaces-in-the-kernel-for-unprivileged-unshare

If unprivileged namespaces are disabled, then here is another option. I could modify Lxroot to work as a suid binary. Non-root users would run Lxroot. Lxroot would run as root (via the suid bit). Lxroot would create and enter its chroot-environment. Then, Lxroot would drop root privileges and run the specified command inside the chroot-environment. I've thought about modifying Lxroot to support this use-case, and I do believe this modification would be possible. But I have never needed it myself.

Another question: If unprivileged namespaces are disabled in Android, and if Termux is running as non-root, then how does Termux itself perform a chroot? (Or does Termux itself run as root?)
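
One way to answer the "how to check" question raised in the comment above, as an added example that is not part of the original thread or of Lxroot: a small C probe that attempts `unshare(CLONE_NEWUSER)` in a forked child and maps the result to a likely cause. The function names, the cause labels and the errno-to-cause mapping (which follows the unshare(2) man page) are this example's assumptions; `kernel.unprivileged_userns_clone` is a distribution-specific sysctl and may be absent.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* value from the kernel's <linux/sched.h> */
#endif
enum cause { U_OK, U_NOCONFIG, U_LIMIT, U_SYSCTL, U_POLICY, U_SIGSYS, U_OTHER };

/* Read one integer from a /proc file; -1 if it is absent or unreadable. */
static long read_long(const char *path) {
    long v = -1;
    FILE *f = fopen(path, "r");
    if (f) { if (fscanf(f, "%ld", &v) != 1) v = -1; fclose(f); }
    return v;
}

/* unshare(CLONE_NEWUSER) in a forked child: 0 = ok, errno, or -signal if killed. */
static int probe_userns(void) {
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) _exit(syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : errno);
    int st;
    if (waitpid(pid, &st, 0) < 0) return errno;
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}

/* Map the probe result and the distro sysctl (-1 = absent) to a likely cause. */
static enum cause classify(int rc, long userns_clone) {
    if (rc == 0) return U_OK;
    if (rc == -SIGSYS) return U_SIGSYS;  /* a seccomp filter trapped the call */
    if (rc == EINVAL) return U_NOCONFIG; /* kernel likely lacks CONFIG_USER_NS */
    if (rc == ENOSPC) return U_LIMIT;    /* user.max_user_namespaces hit or 0 */
    if (rc == EPERM) return userns_clone == 0 ? U_SYSCTL : U_POLICY;
    return U_OTHER;
}

int main(void) {
    static const char *text[] = { "works", "no CONFIG_USER_NS", "ns limit",
        "userns_clone=0", "EPERM (policy)", "SIGSYS (seccomp)", "other" };
    int rc = probe_userns();
    printf("rc=%d max_user_namespaces=%ld: %s\n", rc,
           read_long("/proc/sys/user/max_user_namespaces"), text[classify(rc,
           read_long("/proc/sys/kernel/unprivileged_userns_clone"))]);
    return rc != 0;
}
```
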

Owner

parke commented Dec 9, 2024

If I download a termux-app apk from GitHub, will it contain a chroot directory containing a fully operational Bionic-based userland? If so, I should be able to Lxroot into that userland. I'm wondering what the simplest way is for me to get a Bionic-based x86_64 (or x86) chroot directory that I can Lxroot into.

Author

FZXO11 commented Dec 10, 2024

@parke sorry for the late reply.
termux.apk doesn't contain it; it downloads a bootstrap which is available on GitHub, but it's hardcoded to work with /data/data/com.termux/files.
Also, Termux can run as root or not; it can use sudo and su if you have root access.
Btw, Ubuntu 18.04 uses Bionic, as I remember.

My kernel version is 5.10, so there's no:
kernel.unprivileged_userns_clone=1
But there is:
user.max_user_namespaces = 42717
So unprivileged namespaces are enabled?
zcat /proc/config.gz | grep -i CONFIG_NAMESPACE
Shows 1, so namespaces are enabled overall.

I used strace with all the tools I tried; unshare fails in:
unshare(CLONE_NEWNS) = -1 EPERM (Operation not permitted)

I built Lxroot statically anyway inside proot Alpine and transferred it to the Termux home. It runs and gives the help, but when I try to do anything:
lxroot error try1 unshare
strace output:
unshare(CLONE_NEWNS|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET) = -1 EINVAL (Invalid argument)

I am not sure about the suid trick, but you can try. I think we should focus on this weird problem with unshare.

Owner

parke commented Dec 10, 2024

> @parke sorry for the late reply. termux.apk doesn't contain it; it downloads a bootstrap which is available on GitHub, but it's hardcoded to work with /data/data/com.termux/files.

Can you send me the /etc/apt/sources.list file from Termux? If I know where Termux's Debian-style repos are, I can probably bootstrap a Bionic-based userland directly from the repos.

> Btw, Ubuntu 18.04 uses Bionic, as I remember.

All versions of Ubuntu use glibc. (Ubuntu 18.04 happened to have the codename "Bionic Beaver", but that is pure coincidence.)

> I used strace with all the tools I tried; unshare fails in: unshare(CLONE_NEWNS) = -1 EPERM (Operation not permitted)

Try strace unshare -Ur true on a normal Linux system and see what success looks like. I think as a non-root user, you must include the CLONE_NEWUSER flag for unshare to succeed. (I could be wrong about this.)

For example, I get:

$ strace unshare -Ur true 2>&1 | grep unshare
execve("/usr/bin/unshare", ["unshare", "-Ur", "true"], 0x7fffaeff6f50 /* 41 vars */) = 0
unshare(CLONE_NEWUSER)                  = 0

> I built lxroot static ...
> lxroot error try1 unshare

The above is Lxroot reporting that the call to unshare failed. (Lxroot simply exits if any system call fails.)

> I am not sure about the suid trick, but you can try. I think we should focus on this weird problem with unshare.

Focusing on unshare is reasonable. I strongly suspect that unshare, bwrap, and Lxroot are all failing for the same reason. They all use namespaces in basically the same way, so they are probably all failing for the same reason.

Author

FZXO11 commented Dec 10, 2024

@parke
sources.list just has:
deb https://packages-cf.termux.dev/apt/termux-main stable main
I still recommend that you not try; you will need to change the paths in every pkg you need.

This is what I got if I run your example in Termux and my chroot Ubuntu, as non-root user and root user:

execve("/usr/bin/unshare", ["unshare", "-Ur", "true"], 0x7fd6db4f90 /* 18 vars */) = 0
unshare(CLONE_NEWUSER) = -1 EINVAL (Invalid argument)
write(2, "unshare: ", 9unshare: ) = 9
write(2, "unshare failed", 14unshare failed) = 14

Author

FZXO11 commented Dec 10, 2024

bwrap is in another repo, root-repo; they put any pkgs that use root there. It fails before doing anything:
bwrap: Can't read /proc/sys/kernel/overflowuid: Permission denied

Owner

parke commented Dec 10, 2024

> This is what I got if I run your example in Termux and my chroot Ubuntu, as non-root user and root user:
>
> execve("/usr/bin/unshare", ["unshare", "-Ur", "true"], 0x7fd6db4f90 /* 18 vars */) = 0
> unshare(CLONE_NEWUSER) = -1 EINVAL (Invalid argument)
> write(2, "unshare: ", 9unshare: ) = 9
> write(2, "unshare failed", 14unshare failed) = 14

Maybe Android or Termux is installing seccomp filters that block certain system calls?

Similar to this:

termux/termux-packages#11112

I'm not an expert on Android, nor on Termux. So there may not be anything else I can do to help you learn why the call to unshare is failing.

Author

FZXO11 commented Dec 11, 2024

OK, thx for your time.
