Sunday, June 13, 2010

Slackware chroot on Fedora

I used Slackware to give new life to some low-end computers. I wanted to run Fedora 13 on my desktop to try SELinux, but I wanted to compile packages on my desktop instead of the weaker computers. My first approach was to install Slackware in a virtual machine, but my processor lacks VT-x and KVM ran very slowly. My next approach was to install Slackware in a chroot environment. Test builds are exactly what chroot() was made for. SELinux broke the compiler, so I made local policy to grant all permissions to Slackware. This is not so great for security, but well enough for a learning exercise. Plus, I don't have to reboot into Slackware or disable SELinux. Here's what I did.

Installed Slackware 13.1 from the first install CD, based on these notes.

# mkdir /slackware
# cd /slackware
# for f in /media/S13_1d1/slackware/a/*tgz; do tar xf $f; done
# sbin/installpkg -root /slackware /media/S13_1d1/slackware/{a,ap,d,l,n}/*.txz


Created an SELinux policy that lets the Slackware chroot do everything. The following documents were helpful.

# cd
# mkdir slackware
# cd slackware
# touch slackware.{fc,if,te}
# cat >slackware.te <<__EOF__
policy_module(slackware, 1.0)

require {
type fs_t;
type setfiles_t;
type unconfined_t;
}

type slackware_t;

# necessary for restorecon
allow slackware_t fs_t : filesystem { associate } ;
allow setfiles_t slackware_t : file * ;
allow setfiles_t slackware_t : dir * ;
allow setfiles_t slackware_t : lnk_file * ;
allow setfiles_t slackware_t : chr_file * ;
allow setfiles_t slackware_t : blk_file * ;
allow setfiles_t slackware_t : fifo_file * ;

# necessary for programs within chroot /slackware
allow unconfined_t slackware_t : file * ;
allow unconfined_t slackware_t : dir * ;
allow unconfined_t slackware_t : lnk_file * ;
allow unconfined_t slackware_t : chr_file * ;
allow unconfined_t slackware_t : blk_file * ;
allow unconfined_t slackware_t : sock_file * ;
allow unconfined_t slackware_t : fifo_file * ;
__EOF__
# make -f /usr/share/selinux/devel/Makefile
# semodule -i slackware.pp
# semanage fcontext -a -s unconfined_u -t slackware_t '/slackware.*'
# restorecon -R /slackware
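
The policy above grants everything (the wildcard permission `*`) rather than specific permissions, which is the security trade-off the post mentions. The following shell snippet is an added example, not from the original post: a static check that reads a .te file and lists each allow rule granting `*`, so you can see exactly which domains get blanket access to which object classes before loading the module. The sample file is a constructed copy of the post's slackware.te rules.

```shell
#!/bin/sh
# Added example (not part of the original post): static audit of a .te file
# that reports every allow rule whose permission set is the wildcard "*".

# Print "source target class" for each allow rule granting "*".
# Comments are stripped and whitespace normalised first, so spacing does not matter.
wildcard_rules() {
    sed -E -e 's/#.*//' -e 's/[[:space:]]+/ /g' -e 's/^ //' "$1" \
      | grep -E '^allow [^ :]+ [^ :]+ ?: ?[^ ]+ ?\* ?;' \
      | sed -E 's/^allow ([^ :]+) ([^ :]+) ?: ?([^ ]+) ?\* ?;.*/\1 \2 \3/'
}

# Number of wildcard rules in the file.
count_wildcard_rules() {
    wildcard_rules "$1" | wc -l | tr -d ' '
}

# Distinct source domains that receive wildcard access, space-separated.
wildcard_sources() {
    wildcard_rules "$1" | cut -d' ' -f1 | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample input: the allow rules from the post's slackware.te.
sample_te() {
    f=$(mktemp)
    cat >"$f" <<'__EOF__'
policy_module(slackware, 1.0)
# necessary for restorecon
allow slackware_t fs_t : filesystem { associate } ;
allow setfiles_t slackware_t : file * ;
allow setfiles_t slackware_t : dir * ;
allow setfiles_t slackware_t : lnk_file * ;
allow setfiles_t slackware_t : chr_file * ;
allow setfiles_t slackware_t : blk_file * ;
allow setfiles_t slackware_t : fifo_file * ;
# necessary for programs within chroot /slackware
allow unconfined_t slackware_t : file * ;
allow unconfined_t slackware_t : dir * ;
allow unconfined_t slackware_t : lnk_file * ;
allow unconfined_t slackware_t : chr_file * ;
allow unconfined_t slackware_t : blk_file * ;
allow unconfined_t slackware_t : sock_file * ;
allow unconfined_t slackware_t : fifo_file * ;
__EOF__
    printf '%s\n' "$f"
}

te=$(sample_te)
echo "wildcard rules: $(count_wildcard_rules "$te") granted to: $(wildcard_sources "$te")"
```

Run it against your own slackware.te instead of the sample by passing the file path to wildcard_rules; the `filesystem { associate }` rule is correctly left out because it names a specific permission.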


Then I tested the chroot environment. It is not shown here, but I also built several packages from http://slackbuilds.org/.

# mkdir proc sys
# mount --bind /proc /slackware/proc
# mount --bind /sys /slackware/sys
# chroot /slackware
# cd
# cat >hi.c <<__EOF__
#include <stdio.h>

int main(int argc, char *argv[]) {
    puts("hi there");
    return 0;
}
__EOF__
# cc -o hi hi.c
# ./hi
hi there