-
-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running with chroot? #427
Comments
|
setenforce 0 doesn't work in my kernel,
And then i ran the same commands in chroot and it kept repeating
And termux-x11 didn't display anything (except preferences and help buttons) |
Termux:X11 can not work with enabled selinux. You can try mount-binding |
I did this and when i try to run both (termux-x11 and dbus-launch in chroot) the terminal outputs a number that starts with the same number from the other one
I tried this multiple times and the same thing happens with other numbers like 7 I mounted both $PREFIX/tmp/.X11-unix on $DISTRO/tmp/. X11-unix and $DISTRO/tmp/. X11-unix on $PREFIX/tmp/.X11-unix |
I guess i am stuck with proot and vnc, thanks 🙏 sorry for wasting your time |
You shouldn't see any text in termux:x11 right after executing /system/bin/app_process / com.termux.x11.CmdEntryPoint :0 looks likeyou didn't disable selinux |
you can add rules with magiskpolicy magiskpolicy --live "allow untrusted_app * * *" |
Thank you so much this worked! |
@romanovj It is not really secure. Is it possible to be more precise and allow this only for specific app? Or specific uid? |
slightly more secure than setenforce 0 most dumb way - systemise x11 and allow everything for priv_app/platform_app I will try to do something, but not now |
I am curious what does this command do? As i think it looks it looks like it gives root or some sort of terminal or limited system access for untrusted apps why not make termux-x11 request root for chroot users instead? |
this command disable seelinux checks for untrusted_app (installed by user) Alt. commands with minimum permissions |
I can try to get calling process pid and ensure it is termux-x11 (to make sure I am not disable selinux restrictions of some other, potentially malicious application). |
you can't do it that way, you can't add level (c243) to scontext untrusted_app |
I did weird thing. disable selinux for runas_app (no one should be runas except us) and become runas with adb help (I have segfault from root user)
also copy xkb folder from chroot to termux:x11 dir Start server
mount x11 tmp to chroot tmp before chroot
some info
|
to get around the fact that run-as segfaults on root user, I made a tool to fake adb via su. the group id's though are hardcoded currently, so it may be required to replace them (you can find gid via id -G YOUR_GROUP_HERE). |
I have been trying to run termux-x11 using archlinux chroot and no clear tutorial explains how to do it; here is a script i made to try and run it:
I ran this using the tsu command which runs termux in root mode than i did
termux-x11 :1 -ac &
Then i ran chroot and did
Which returns
What am I doing wrong? (Don't know if i should report this here but i really need help 🙏🙏🙏)
The text was updated successfully, but these errors were encountered: