Created November 19, 2018 17:34
raminfp created this gist Nov 19, 2018
@@ -0,0 +1,213 @@ ## Let's Start (Weekend Notes) ... Install debootstrap : ``` $ apt-get install debootstrap ``` Minimal Debian distribution with debootstrap : ``` #!/bin/bash # Copyright 2016 syzkaller project authors. All rights reserved. # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. # create-image.sh creates a minimal Debian Linux image suitable for syzkaller. set -eux # Create a minimal Debian distribution in a directory. RELEASE=stretch DIR=stretch sudo rm -rf $DIR mkdir -p $DIR sudo debootstrap --include=openssh-server,curl,tar,gcc,libc6-dev,time,strace,sudo,less,psmisc,selinux-utils,policycoreutils,checkpolicy,selinux-policy-default $RELEASE $DIR # Set some defaults and enable promtless ssh to the machine for root. sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a $DIR/etc/network/interfaces echo '/dev/root / ext4 defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf 
echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf echo "syzkaller" | sudo tee $DIR/etc/hostname ssh-keygen -f $RELEASE.id_rsa -t rsa -N '' sudo mkdir -p $DIR/root/.ssh/ cat $RELEASE.id_rsa.pub | sudo tee $DIR/root/.ssh/authorized_keys # Build a disk image dd if=/dev/zero of=$RELEASE.img bs=1M seek=2047 count=1 sudo mkfs.ext4 -F $RELEASE.img sudo mkdir -p /mnt/$DIR sudo mount -o loop $RELEASE.img /mnt/$DIR sudo cp -a $DIR/. /mnt/$DIR/. sudo umount /mnt/$DIR ``` Wating for create image `stretch.img` : ``` $ sudo bash create_img.sh + RELEASE=stretch + DIR=stretch + sudo rm -rf stretch + mkdir -p stretch + sudo debootstrap --include=openssh-server,curl,tar,gcc,libc6-dev,time,strace,sudo,less,psmisc,selinux-utils,policycoreutils,checkpolicy,selinux-policy-default stretch stretch I: Keyring file not available at /usr/share/keyrings/debian-archive-keyring.gpg; switching to https mirror https://deb.debian.org/debian I: Retrieving InRelease I: Retrieving Release I: Retrieving Packages I: Validating Packages .... ``` Now we should set kernel image path : `-kernel /boot/vmlinuz-4.14.12-041412-generic` and image file : `-hda stretch.img` ### kernel-img.sh ``` #!/usr/bin/bash qemu-system-x86_64 \ -hda stretch.img \ -m 2G \ -smp 2 \ -net user,hostfwd=tcp::10021-:22 -net nic \ -nographic \ -kernel /boot/vmlinuz-4.14.12-041412-generic \ -append "console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ"\ -enable-kvm \ -pidfile vm.pid \ 2>&1 | tee vm.log ``` Now we should execute `sudo sh kernel.sh`: # Output : ```Welcome to Debian GNU/Linux 9 (stretch)! [ 3.591757] systemd-getty-generator[130]: Automatically adding serial getty for /dev/ttyS0. [ 3.609099] systemd-fstab-generator[131]: Parsing /etc/fstab [ 3.729143] systemd-gpt-auto-generator[133]: /dev/sda: parent isn't a raw disk, ignoring. 
[ 3.804728] systemd-fstab-generator[131]: Found entry what=/dev/root where=/ type=ext4 nofail=no noauto=no [ 3.805505] systemd-fstab-generator[131]: Found entry what=debugfs where=/sys/kernel/debug type=debugfs nofail=no noauto=no [ 3.806341] systemd-fstab-generator[131]: Found entry what=securityfs where=/sys/kernel/security type=securityfs nofail=no noauto=no [ 3.807167] systemd-fstab-generator[131]: Found entry what=configfs where=/sys/kernel/config type=configfs nofail=no noauto=no [ 3.817199] systemd-fstab-generator[131]: Found entry what=binfmt_misc where=/proc/sys/fs/binfmt_misc type=binfmt_misc nofail=no noauto=no [ 3.822480] systemd-sysv-generator[129]: Native unit for procps.service already exists, skipping. [ 3.823486] systemd-sysv-generator[129]: Native unit for networking.service already exists, skipping. [ 3.824724] systemd-sysv-generator[129]: Native unit for kmod.service already exists, skipping. [ 3.827543] systemd-sysv-generator[129]: Native unit for sudo.service already exists, skipping. [ 3.828332] systemd-sysv-generator[129]: Native unit for udev.service already exists, skipping. [ 3.828978] systemd-sysv-generator[129]: Native unit for hwclock.service already exists, skipping. [ 3.829658] systemd-sysv-generator[129]: Native unit for rsyslog.service already exists, skipping. [ 3.830337] systemd-sysv-generator[129]: Native unit for selinux-autorelabel.service already exists, skipping. [ 3.831073] systemd-sysv-generator[129]: Native unit for cron.service already exists, skipping. [ 3.831731] systemd-sysv-generator[129]: Native unit for ssh.service already exists, skipping. [ 3.874044] systemd-sysv-ge: 12 output lines suppressed due to ratelimiting [ OK ] Listening on Journal Socket (/dev/log). [ OK ] Listening on Syslog Socket. [ OK ] Listening on Journal Audit Socket. [ OK ] Listening on udev Control Socket. [ OK ] Created slice System Slice. [ OK ] Listening on /dev/initctl Compatibility Named Pipe. [ OK ] Created slice system-getty.slice. 
[ OK ] Created slice system-serial\x2dgetty.slice. [ OK ] Started Forward Password Requests to Wall Directory Watch. Mounting Huge Pa[ 4.448433] systemd[137]: dev-hugepages.mount: Executing: /bin/mount hugetlbfs /dev/hugepages -t hugetlbfs ges File System... [ OK ] Listening on Journal Socket. Starting Create Static Device Nodes in /dev... Starting Remount Root and Kernel File Systems... Starting Journal Service... [ OK ] Reached target Remote File Systems. [ OK ] Listening on udev Kernel Socket. [ OK ] Reached target Sockets. Mounting /sys/kernel/debug... Starting Load Kernel Modules... [ OK ] Reached target Slices. Mounting POSIX Message Queue File System... Mounting /sys/kernel/config... [ OK ] Reached target Swap. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Reached target Encrypted Volumes. [UNSUPP] Starting of Arbitrary Executable Fi…tem Automount Point not supported. [ 4.686523] EXT4-fs (sda): re-mounted. Opts: (null) [ 4.707844] systemd-journald[142]: Fixed min_use=1.0M max_use=99.4M max_size=12.4M min_size=512.0K keep_free=149.2M n_max_files=100 [ 4.713893] systemd-journald[142]: Reserving 22641 entries in hash table. [ 4.820773] systemd-journald[142]: Vacuuming... [ 4.821150] systemd-journald[142]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2bdba1bdd52c4de988df88011c048973. [ 4.821998] systemd-journald[142]: Flushing /dev/kmsg... Mounting /proc/sys/fs/binfmt_misc... [ OK ] Reached target Paths. [ OK ] Mounted Huge Pages File System. [ OK ] Mounted POSIX Message Queue File System. [ OK ] Mounted /sys/kernel/debug. [ OK ] Mounted /sys/kernel/config. [ OK ] Started Remount Root and Kernel File Systems. [ OK ] Started Load Kernel Modules. Starting Apply Kernel Variables... [ 5.013314] systemd-journald[142]: systemd-journald running as pid 142 [ 5.032381] systemd-journald[142]: Sent READY=1 notification. [ 5.032400] systemd-journald[142]: Sent WATCHDOG=1 notification. 
[ 5.033045] systemd-journald[142]: Successfully sent stream file descriptor to service manager. [ 5.033316] systemd-journald[142]: Successfully sent stream file descriptor to service manager. Mounting FUSE Control File System... Starting udev Coldplug all Devices... Starting Load/Save Random Seed... [ OK ] Mounted FUSE Control File System. [ OK ] Started Journal Service. Starting Flush Journal to Persistent Storage... [ OK ] Started Load/Save Random Seed. [FAILED] Failed to mount /proc/sys/fs/binfmt_misc. See 'systemctl status proc-sys-fs-binfmt_misc.mount' for details. [DEPEND] Dependency failed for Local File Systems. [DEPEND] Dependency failed for Mark the need to relabel after reboot. [ OK ] Reached target Timers. [ OK ] Closed Syslog Socket. [ OK ] Started Emergency Shell. [ OK ] Reached target Emergency Mode. [ OK ] Reached target Login Prompts. [ OK ] Started Apply Kernel Variables. Starting Raise network interfaces... [ OK ] Started Create Static Device Nodes in /dev. [ OK ] Reached target Local File Systems (Pre). Starting udev Kernel Device Manager... [ OK ] Started Flush Journal to Persistent Storage. Starting Create Volatile Files and Directories... [ 5.885349] random: crng init done [ OK ] Started Create Volatile Files and Directories. Starting Network Time Synchronization... Starting Update UTMP about System Boot/Shutdown... [ OK ] Started udev Coldplug all Devices. [ OK ] Started Update UTMP about System Boot/Shutdown. Starting Update UTMP about System Runlevel Changes... [ OK ] Started udev Kernel Device Manager. [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Network Time Synchronization. [ OK ] Reached target System Time Synchronized. [ OK ] Found device /dev/ttyS0. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to try again to boot into default mode. 
Press Enter for maintenance (or press Control-D to continue): root@syzkaller:~# root@syzkaller:~# root@syzkaller:~# ls / bin dev home lib64 media opt root sbin sys usr boot etc lib lost+found mnt proc run srv tmp var ```
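Review bot: the boot transcript at the end of the hunk shows the VM did not come up cleanly, yet the notes present the `root@syzkaller:~# ls /` prompt as a successful boot. The log reads `[FAILED] Failed to mount /proc/sys/fs/binfmt_misc.`, then `[DEPEND] Dependency failed for Local File Systems.`, then `You are in emergency mode.`; the shell reached is the emergency shell, not a normal login. The cause is the fstab entry `binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0` that create_img.sh writes: it requires binfmt_misc support from the kernel being booted, and here the host's `/boot/vmlinuz-4.14.12-041412-generic` is booted rather than a kernel built with syzkaller's config, most likely with binfmt_misc as a module that the image does not carry. Either add `nofail` to that entry, drop it, or explain in the notes why emergency mode is acceptable for this setup. Two further defects in the script as pasted: `sudo tee -a $DIR/etc/resolve.conf` writes the nameserver into a file the resolver never reads (the path is `/etc/resolv.conf`), and `-net user,hostfwd=tcp::10021-:22` with an empty host address binds the forwarded port on every host interface, which combined with the password-less root account this image is built with (`sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd`) gives anyone who can reach the host a root login into the VM; `hostfwd=tcp:127.0.0.1:10021-:22` keeps the forward local to the host. Minor: the launch script is introduced as `kernel-img.sh` but run as `sudo sh kernel.sh`, and the image script is run as `create_img.sh` while its header comment calls it `create-image.sh`; pick one name for each. Spelling: "Wating" should read "Waiting" and "promtless" should read "promptless".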