
ping setuid error

Open 573 opened this issue 2 years ago • 13 comments

nix --extra-experimental-features nix-command --extra-experimental-features flakes shell nixpkgs#iputils -c ping google.com -c4

errors

ping: setuid: Function not implemented

573 avatar Jun 10 '22 19:06 573

ping requires root or a setuid binary.

SuperSandro2000 avatar Dec 02 '22 04:12 SuperSandro2000

And how do you install setuid? There are suggestions that you need to use the security wrapper:

security.wrappers = {
  ping = {
    owner = "root";
    group = "root";
    capabilities = "cap_net_raw+p";
    source = "${pkgs.iputils.out}/bin/ping";
  };
};

But I am unsure where to put this in the flake install of nix-on-droid.

expelledboy avatar Jan 24 '23 10:01 expelledboy

This does not work in nix-on-droid. These are NixOS options. Also, you need to root your device; otherwise you are restricted to an unprivileged user.

Gerschtli avatar Jan 24 '23 11:01 Gerschtli

But the ping command in Termux is working well. It seems like the ping command in Termux is just a wrapper of the system's ping command.

~ $ cat /data/data/com.termux/files/usr/bin/ping
#!/data/data/com.termux/files/usr/bin/sh
unset LD_LIBRARY_PATH LD_PRELOAD
PATH=$PATH:/system/bin exec /system/bin/ping "$@"

chenx6 avatar Apr 22 '23 11:04 chenx6

But the ping command in Termux is working well. It seems like the ping command in Termux is just a wrapper of the system's ping command.

~ $ cat /data/data/com.termux/files/usr/bin/ping
#!/data/data/com.termux/files/usr/bin/sh
unset LD_LIBRARY_PATH LD_PRELOAD
PATH=$PATH:/system/bin exec /system/bin/ping "$@"

Trying to run /system/bin/ping google.com returns no such file or directory in Nix on Droid.

Pablo1107 avatar Jun 08 '23 20:06 Pablo1107

I got ping to work like this: Modify /system/bin/login by adding -b /system:/uppersystem to the proot command line. Restart the app and run /uppersystem/bin/linker64 /uppersystem/bin/ping. nix-on-droid seems to mask the /system/bin and /android/system/bin directories somehow, but I don't quite get the logic. Perhaps it could expose the real /system/bin directory in a similar manner?

ettom avatar Jul 23 '23 23:07 ettom

Nice, wonder if that could somehow be used towards https://github.com/t184256/nix-on-droid/issues/221

nix-on-droid seems to mask the /system/bin and /android/system/bin directories somehow, but I don't quite get the logic. Perhaps it could expose the real /system/bin directory in a similar manner?

It might be because of a proot-pseudomount to /bin, which we need for /bin/sh?

You might be interested in commits in bin-less branch.

t184256 avatar Jul 23 '23 23:07 t184256

It might be because of a proot-pseudomount to /bin, which we need for /bin/sh?

Just to be sure, are you referring to this line? But then why is /bin a symlink to /system/bin? And why doesn't /android/system/bin contain the contents of the upper /system/bin (due to -b /:/android)?

ettom avatar Jul 24 '23 00:07 ettom

I got ping to work like this: Modify /system/bin/login by adding -b /system:/uppersystem to the proot command line. Restart the app and run /uppersystem/bin/linker64 /uppersystem/bin/ping. nix-on-droid seems to mask the /system/bin and /android/system/bin directories somehow, but I don't quite get the logic. Perhaps it could expose the real /system/bin directory in a similar manner?

Is there a way to declaratively modify the login script from a Nix config file?

Or maybe just add an initialization script on switch.

Pablo1107 avatar Jul 24 '23 00:07 Pablo1107

Is there a way to declaratively modify the login script from a Nix config file?

Or maybe just add an initialization script on switch.

I don't think there is a direct way. What you can do is build your own bootstrap zipball with this change per the instructions in the README. I suppose you could do it with awk/sed from an initialization script too.

ettom avatar Jul 24 '23 10:07 ettom

It should be enough to fork, modify login.nix and point your channel/flake to your fork.

Though when I'm experimenting with it, I usually just edit the login script directly on a spare device =)

t184256 avatar Jul 24 '23 10:07 t184256

It might be because of a proot-pseudomount to /bin, which we need for /bin/sh?

Just to be sure, are you referring to this line? But then why is /bin a symlink to /system/bin? And why doesn't /android/system/bin contain the contents of the upper /system/bin (due to -b /:/android)?

My bad, /android/system/bin seems to work too. So /android/system/bin/linker64 /android/system/bin/ping

ettom avatar Jul 31 '23 22:07 ettom

It might be because of a proot-pseudomount to /bin, which we need for /bin/sh?

Just to be sure, are you referring to this line? But then why is /bin a symlink to /system/bin? And why doesn't /android/system/bin contain the contents of the upper /system/bin (due to -b /:/android)?

My bad, /android/system/bin seems to work too. So /android/system/bin/linker64 /android/system/bin/ping

I have been using this workaround for some time, but suddenly I got this error:

CANNOT LINK EXECUTABLE "/android/system/bin/ping": library "/nix/store/qbkpqssvc41v2pd9dda8s3cyxs7m0dbm-dnshack/lib/libdnshackbridge.so" needed or dlopened by "/system/bin/ping" is not accessible for the namespace "(default)"

Edit: this seems to be related to this dnshack I introduced in the past and forgot about. Without it, ping works fine.

Pablo1107 avatar Feb 08 '24 03:02 Pablo1107
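
The Termux wrapper and the linker64 workaround from this thread, combined into one script, as an added example that is not part of any comment above or of nix-on-droid itself. It assumes one of the binds mentioned in the thread (`/android/system/bin` or `/uppersystem/bin`) is visible inside proot; `SYSROOT` and the function names are hypothetical, and clearing the loader variables is copied from the Termux wrapper, with no confirmation in the thread that it avoids the dnshack error.

```shell
#!/bin/sh
# Added example: run Android's own ping from inside nix-on-droid.
# Paths come from the thread; SYSROOT and function names are hypothetical.

# Bind points that the thread reports as exposing the real /system/bin.
CANDIDATES="/android/system/bin /uppersystem/bin"

# Print the first directory (under optional prefix $1) that holds both
# linker64 and ping; return 1 if none does.
find_system_bin() {
    prefix="${1:-}"
    for dir in $CANDIDATES; do
        if [ -f "$prefix$dir/linker64" ] && [ -f "$prefix$dir/ping" ]; then
            printf '%s\n' "$prefix$dir"
            return 0
        fi
    done
    return 1
}

# Clear the loader variables as the Termux wrapper does, then start the
# system ping through the Android linker, as in the thread's workaround.
system_ping() {
    bindir=$(find_system_bin "${SYSROOT:-}") || {
        echo "system ping not found; is /system bound into proot?" >&2
        return 127
    }
    unset LD_LIBRARY_PATH LD_PRELOAD
    exec "$bindir/linker64" "$bindir/ping" "$@"
}

# Execute only when installed under one of these names, so the file can
# also be sourced without side effects.
case "${0##*/}" in
    ping|system-ping) system_ping "$@" ;;
esac
```

Installed as `ping` somewhere on `PATH`, it forwards all arguments unchanged, for example `ping -c4 google.com`.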