Derivative-Maker | Installing kernel from backports?

Patrick · May 13, 2025, 5:26pm

I’ll refactor that code.

Btw kill accepts multiple pids. No need for a loop. But kill doesn’t support “try signal sigterm first, wait and fall back to signal sigkill after timeout”. start-stop-daemon can do that.

Patrick · May 13, 2025, 5:41pm

Done. Please check and test.

e-coin · May 13, 2025, 5:53pm

Btw kill accepts multiple pids. No need for a loop

Yeah, something funny happened.

I kinda knew that, but wasn’t sure if both kill PID1 PID2 PID3 and kill PID1\nPID2\nPID3 were possible and the second which is returned by pgrep failed, because of a ‘self-induced’ shell related issue. And there goes another stupid, unnecessary post.

Done. Please check and test.

Thanks man, I’ll check it right away.

e-coin · May 15, 2025, 8:58pm

Hey man, thanks a bunch!

I just finished with the whonix_builder repo and everything is working beautifully.
If anyone is interested you can check it out here:

There is just one tiny thing that I’m trying to understand, though.

The container needs to be run with --privileged or tmpfs fails to mount in /var/cache/pbuilder @ 1300_cowbuilder-setup.

I: mounting /proc filesystem
mount: /var/cache/pbuilder/base.cow_amd64/proc: permission denied.
       dmesg(1) may have more information after failed mount system call.
W: Aborting with an error

That’s probably the command:

 $SUDO_TO_ROOT mount -t tmpfs -o size=2G none /var/cache/pbuilder

dmesg indicating unpermitted exec, I’m assuming:

audit: type=1101 audit(1747347973.823:993): pid=4016534 uid=1000 auid=1000 ses=1 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
audit: type=1123 audit(1747347973.823:994): pid=4016534 uid=1000 auid=1000 ses=1 subj=unconfined msg='cwd="/home/user" cmd=696E67866636536C202D2D776F726B2D746746F72793D2F684765726D696E6136B736F6E exe="/usr/bin/sudo" terminal=? res=success'
audit: type=1110 audit(1747347973.823:995): pid=4016534 uid=1000 auid=1000 ses=1 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
audit: type=1105 audit(1747347973.823:996): pid=4016534 uid=1000 auid=1000 ses=1 subj=unconfined msg='op=PAM:session_open grantors=pam_limits,pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'

I tested mounting tmpfs in the container, and also got permission denied without --privileged

Definitely a docker related question, so I wouldn’t be mad at a deferral lol. Just wanted to know your thoughts on this.

Patrick · May 16, 2025, 6:07pm

Skipping this inside docker now. Already implemented.

But easily reverted.