CIS 228 - System Administration

Lab 14: Virtual program execution under :

DOSBox, Windows Emulation (), jail, Linux Containers (), KVM/ , VirtualBox

DOS Compatibility Tools

Read on mtools, dos2unix, unix2dos.

Running DOS under LINUX: DOSBOX (DOSEMU is no longer supported)

1) Mount /dev/sda1 as a R/O NTFS drive /mnt/Windows
2) yum
3) Start DOSBox
4) mount c /root
5) c: , z:
6) mount d /mnt/cdrom
7) Insert a DVD into the CDROM drive mounted as /mnt/cdrom
8) d: , z:
9)

Running Windows Emulation (WINE) under LINUX

10) Install all WINE packages (yum install wine or from DVD)
11) Run winecfg. Does anything unusual occur?
12) Under Drives, run autodetect. See what appears
13) wordpad.exe under /mnt/Windows
14) Copy wordpad.exe and msfc*.dll to ~/.wine/windows
15) From a terminal session: ~/.wine/drive_c/windows, run: wine wordpad.exe
16) Go to Applications/Wine/wine configuration
17) Add wordpad.exe as Windows 2000 application
18) Right click on Applications, go to Wine, Add wordpad.exe from Browse Tab
19) Copy putty.exe and add it to the Wine Menu
20) Copy putty.exe, go to Win and run it. Add it to the Wine menu

Related commands: wine, winecfg,

CIS 228 - UNIX System Administration

Standard Chroot Jail (Fedora)

Creating a chroot jail, as root, give the command: /usr/sbin/chroot .

The becomes the , and the process attempts to run the default shell.

21) To create an ordinary user chroot jail, as ROOT: useradd user8 user8

22) Create jailed directories:
    cd /home/user8
    mkdir /home/user8/etc
    mkdir /home/user8/dev
    mkdir /home/user8/bin
    mkdir /home/user8/lib
    mkdir /home/user8/lib64 (64 bit image)
    ls -al (Note root ownership)

23) Change ownership to the ordinary user:
    user8 *
    ls -al (note user8 ownership)

24) Determine which utilities the chroot jail needs. Copy the appropriate binaries and their .so libraries (as listed by the ldd command) into the jail.

In the displays below, the library directory is /lib on a 32-bit image and /lib64 on a 64-bit image. Substitute as necessary.

    cp /bin/ls ./bin
    cp /bin/bash ./bin
    cp /bin/ ./bin

    ldd /bin/ls
        linux-gate.so.1 => (0xb77b6000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x46af0000)
        librt.so.1 => /lib64/librt.so.1 (0x46967000)
        libcap.so.2 => /lib64/libcap.so.2 (0x46cba000)
        libacl.so.1 => /lib64/libacl.so.1 (0x47837000)
        libc.so.6 => /lib64/libc.so.6 (0x467b6000)
        libdl.so.2 => /lib64/libdl.so.2 (0x46960000)
        /lib64/ld-linux.so.2 (0x46794000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x46944000)
        libattr.so.1 => /lib64/libattr.so.1 (0x477f6000)

    ldd /bin/bash
        linux-gate.so.1 => (0xb770e000)
        libtinfo.so.5 => /lib64/libtinfo.so.5 (0x480ad000)
        libdl.so.2 => /lib64/libdl.so.2 (0x46960000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x469b6000)
        libc.so.6 => /lib64/libc.so.6 (0x467b6000)
        /lib64/ld-linux.so.2 (0x46794000)

    ldd /bin/echo
        linux-gate.so.1 => (0xb7790000)
        libc.so.6 => /lib64/libc.so.6 (0x467b6000)
        /lib64/ld-linux.so.2 (0x46794000)

    # Copy every library path that ldd reports for /bin/ls into the jail's lib64 directory
    list="$(ldd /bin/ls | egrep -o '/lib.*\.[0-9]')"
    for i in $list; do cp -v "$i" ./lib64; done
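As an added example, not part of the original lab handout: a shell version of step 24 that copies a binary together with the libraries ldd reports, and goes one step further by keeping each file's absolute path inside the jail, so the loader path shown by ldd (for example /lib64/ld-linux.so.2) still resolves after chroot. The function names ldd_paths and jail_add and the sample ldd text are assumptions made for this example.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a binary and its shared objects,
# preserving absolute paths so the dynamic loader finds them inside the jail.

# Constructed sample, modelled on the ldd /bin/echo listing in the lab text.
SAMPLE_LDD='    linux-gate.so.1 => (0xb7790000)
    libc.so.6 => /lib64/libc.so.6 (0x467b6000)
    /lib64/ld-linux.so.2 (0x46794000)'

# ldd_paths: read ldd output on stdin, print one absolute path per line.
# Handles "name => /path (addr)" and the bare loader line "/path (addr)";
# skips virtual objects such as linux-gate.so.1 that have no file on disk.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | sort -u
}

# jail_add JAIL BINARY: copy BINARY and its libraries under JAIL.
# Assumes library paths contain no whitespace (true for standard lib dirs).
jail_add() {
    jail=$1; bin=$2
    [ -d "$jail" ] && [ -f "$bin" ] || return 1
    for f in "$bin" $(ldd "$bin" | ldd_paths); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        # -L follows symlinks: libc.so.6 is often a link to a versioned file.
        cp -L "$f" "$jail$f" || return 1
    done
}

# Demonstration on the constructed sample (reads no files, writes nothing).
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

On the lab system the call would be, as root, jail_add /home/user8 /bin/ls, repeated for each utility the jail needs.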

25) Run the process from chroot:
    chroot /home/user8 /bin/ls
    bin dev etc lib
    chroot /home/user8 /bin/echo hi there
    hi there

26) As an ordinary user:
    exit (root)
    su - user8
    chroot /home/user8 /bin/ls
    ...
    chroot: cannot change root directory to /home/user8: Operation not permitted

27) As root: su -c "chroot /home/user8 /bin/ls"

You can also automate the process for user8 login. However, chroot jails are less common than before; most daemon processes (Apache, BIND, SSH, etc.) come with their own application-specific “chroot jail” procedures.


Running Linux Application Containers (lxc) - (similar to BSD “chroot jail” or Solaris “zones”)

Ubuntu 16.04 LTS procedure. Install the software:
28) apt-get install lxc lxc-templates lxc-extra debootstrap libvirt perl gpg
29) lxc-create -t download -n ubuntu-c1 -- -d ubuntu -r xenial -a amd64
30) chroot /var/lib64/lxc/ubuntu-c1/rootfs/ passwd ubuntu (set password for ubuntu id)
31) chroot /var/lib64/lxc/ubuntu-c1/rootfs/ passwd (lock out root)
32) lxc-start -n ubuntu-c1
33) lxc-console -n ubuntu-c1
34) apt-get install -server (inside lxc)
35) lxc-info -n ubuntu-c1
36) lxc-
37) To exit from lxc-console: press Ctrl+a q to leave the console session and return to the host.

Fedora 25 procedure:
38) dnf install lxc lxc-templates lxc-extra debootstrap libvirt perl gpg
39) systemctl start libvirtd.service
40) systemctl start lxc.service
41) systemctl enable lxc.service
42) systemctl status libvirtd.service
43) systemctl status lxc.service
44) brctl show
45) /etc/lxc/default.conf
    lxc.network.type = veth
    lxc.network.link = virbr0
    lxc.network.flags = up
    lxc.network.hwaddr = 00:16:3e:xx:xx:xx
46) systemctl status libvirtd.service | range
47) lxc-checkconfig
48) lxc-create -t download -n ubuntu-c1 -- -d ubuntu -r xenial -a amd64
49) chroot /var/lib/lxc/ubuntu-c1/rootfs/ passwd ubuntu
50) chroot /var/lib/lxc/ubuntu-c1/rootfs/ passwd
51) lxc-start -n ubuntu-c1
52) lxc-console -n ubuntu-c1

Others:
    lxc-create -t download -n debian-c1 -- -d debian -r stretch -a amd64
    chroot /var/lib64/lxc/debian-c1/rootfs/ passwd
    lxc-start -n debian-c1
    lxc-console -n debian-c1

    lxc-create -t download -n centos-c1 -- -d centos -r 7 -a amd64
    chroot /var/lib64/lxc/centos-c1/rootfs/ passwd
    $ sudo lxc-start -n centos-c1
    $ lxc-console -n centos-c1

    lxc-create -t download -n fedora-c1 -- -d fedora -r 25 -a amd64
    chroot /var/lib64/lxc/fedora-c1/rootfs/ passwd
    $ sudo lxc-start -n fedora-c1
    $ lxc-console -n fedora-c1

Running Kernel Virtual Machines (kvm)

53) yum install kvm virt-manager virt-viewer libvirt libvirt-python virtinst gnome-applet-vm
54) service libvirtd start
55) virt-manager
56) Right click on localhost
57) New, Install from media
58) Start OS from virt-manager
59)

Running VirtualBox (Oracle)

60) cd /etc/yum.repos.d/
61) wget http://download.virtualbox.org/virtualbox/rpm/ or /virtualbox.repo
62) yum check-update
63) yum install gcc kernel-devel kernel-headers
64) KERN_DIR=/usr/src/kernels/`uname -r` …Add -`uname -m` for RHEL
65) export KERN_DIR
66) yum install VirtualBox-3.2 or 4.0
67) usermod -a -G vboxusers user1
68) Run virtualbox from command line or use menu selection. Install Ubuntu.

Running Xen (LINUX )

See: https://major.io/2013/06/02/installing-the-xen-hypervisor-on-fedora-19/

50) yum -y install xen xen-hypervisor xen-libs xen-runtime
    chkconfig xend on
    chkconfig xendomains on

51) Reboot, then verify that Xen is running:
    # xm dmesg |

52) Start tools and daemons
    yum -y install virt-manager dejavu* xorg-x11-xauth
    yum -y install libvirt-daemon-driver-network libvirt-daemon-driver-storage libvirt-daemon-xen
    chkconfig libvirtd on
    service libvirtd start

53) ssh -X hypervisor.mydomain.com and run virt-manager.

54) yum -y install libvirt-daemon-config-network libvirt-daemon-config-nwfilter
    service libvirtd restart

See http://wiki.xen.org/xenwiki/Xen4.0
See http://wiki.xen.org/xenwiki/Fedora13Xen4Tutorial

Discuss: Issues

Docker Containers

Fedora 28 method:

55) install
    dnf -y install dnf-plugins-core
    dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
    dnf config-manager --set-enabled docker-ce-edge
    dnf config-manager --set-enabled docker-ce-
    dnf install docker-ce

56) Start docker
    systemctl start docker.service -OR- service docker start
    systemctl enable docker (to start at boot)
    systemctl disable docker
    docker run hello-world

Previous Fedora method

Sign up at hub.docker.com
    dnf install docker
    dnf install docker-latest
    dnf install docker*
    dnf install docker-latest*
    systemctl start docker
    systemctl enable docker (to start at boot)
    systemctl disable docker
    docker run hello-world

57) Run another image
    docker pull ubuntu
    docker run -it ubuntu /bin/sh; exit

58) Docker basics:
    docker ps ... display running containers
    docker ps -a ... display container run history
    docker version
    docker info
    docker images ... search local images
    docker search {os} ... search available images
    docker pull {image}
    docker run -it {image} cmd
    docker exec -it {container} bash
    docker commit (after changes)
    docker logs

Install Terminal interface
    dnf install sen

59) Configure Docker: /etc/sysconfig/docker

60) Roll your own

In a directory:
    nano Dockerfile
        FROM ubuntu:latest
        CMD

Build the image
    docker build -t "my-image" . (NOTE THE PERIOD AT THE END!)
    docker run -it my-image bash

Add a user to the Docker control group
    groupadd docker && sudo gpasswd -a user1 docker && sudo systemctl restart docker
    newgrp docker

Docker resources:
    https://us.pycon.org/2016/site_media/media/tutorial_handouts/DockerSlides.pdf
    https://docker-curriculum.com/
    https://resources.sei.cmu.edu/asset_files/Presentation/2017_017_001_497378.pdf
    https://www.ibm.com/developerworks/community/forums/ajax/download/ea016f75-37a3-454a-87e3-0450d3bb4273/b3f5c675-1449-4160-959f-6b15f46e2c93/IBM%20Services%20Asset%20-%20Open%20Table%20-%20Intro%20to%20Docker%20Containers.pdf
    https://media.readthedocs.org/pdf/intro-docker-lab-f5-iscfy17/latest/intro-docker-lab-f5-iscfy17.pdf

See also: Ubuntu Docker installation.