|
From: | Marc Reymann |
Subject: | LilyPond not working in jail mounted "noexec" |
Date: | Mon, 28 Jul 2014 15:53:14 +0000 |
Hello LilyPond users, I’ve created a chroot jail for LilyPond 2.18.2 on Ubuntu 12.04.4 LTS which I installed by executing the binary lilypond-2.18.2-1.linux-64.sh. I have followed the instructions the instructions on
http://www.lilypond.org/doc/v2.19/Documentation/usage/command_002dline-usage#lilypond-in-chroot-jail and it works only if the loopfile is mounted WITHOUT “noexec”. The lilypond binary will be executed on .ly files of unknown origin and I cannot use the “-dsafe” option since it breaks some functionality. Still I try to make rendering as safe as possible by using the “noexec” mount option as suggested in the manual here: I’ve used a minimal example for testing: address@hidden:~# cat /mnt/lilyloop/lilyhome/test.ly \version "2.14.1" { % middle tie looks funny here: <c' d'' b''>8. ~ <c' d'' b''>8 } The user „pigpen“ has sudo rights to execute /usr/local/bin/lilypond Case 1: Jail mounted WITHOUT “noexec” - /home/lily/loopfile on /mnt/lilyloop type ext3 (rw,nosuid,nodev) address@hidden:~$ sudo /usr/local/bin/lilypond -jlily,lily,/mnt/lilyloop,/lilyhome --png --header=texidoc test.ly GNU LilyPond 2.18.2 Processing `test.ly' Parsing... Interpreting music... Preprocessing graphical objects... Finding the ideal number of pages... (process:3701): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (1002) Fitting music on 1 page... Drawing systems... Layout output to `test.ps'... Converting to PNG... Success: compilation successfully completed Case 2: Jail mounted WITH “noexec” - /home/lily/loopfile on /mnt/lilyloop type ext3 (rw,noexec,nosuid,nodev) address@hidden:~$ sudo /usr/local/bin/lilypond -jlily,lily,/mnt/lilyloop,/lilyhome --png --header=texidoc test.ly GNU LilyPond 2.18.2 Processing `test.ly' Parsing... Interpreting music... Preprocessing graphical objects... Finding the ideal number of pages... (process:3783): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (1002) (process:3783): Pango-WARNING **: /usr/local/lilypond/usr/bin/..//lib/pango/1.6.0/modules/pango-basic-fc.so: failed to map segment from shared object: Operation not permitted (process:3783): Pango-WARNING **: Failed to load Pango module '/usr/local/lilypond/usr/bin/..//lib/pango/1.6.0/modules/pango-basic-fc' for id 'BasicScriptEngineFc' (process:3783): Pango-WARNING **: failed to choose a font, expect ugly output. engine-type='PangoRenderFc', script='common' (process:3783): Pango-CRITICAL **: pango_fc_font_lock_face: assertion `PANGO_IS_FC_FONT (font)' failed What am I doing wrong? Is the setup still safe without the “noexec” option? Thank you all in advance, Marc Marc Reymann Systemadministration Hallo Welt! - Medienwerkstatt GmbH Residenzstraße 2 93047 Regensburg Tel. +49 (0) 941 - 66 0 80-195 Fax +49 (0) 941 - 66 0 80-189 Sitz: Regensburg Amtsgericht: Regensburg Handelsregister: HRB 10467
E.USt.Nr.: DE 253050833
Geschäftsführer: Anja Ebersbach, Markus Glaser, Dr. Richard Heigl, Radovan Kubani |
[Prev in Thread] | Current Thread | [Next in Thread] |