General Notes with respect to this Lab Exercise
FAQ concerning Lab Work of Lehrgebiet Informationstechnische Systeme (ITS)
As the technical setup (using VirtualBox Virtual Machines) is similar in several of Prof. Classen’s lectures / labs, we provide shared FAQ answers in a separate, shared Ilias course at Support für die WF Praktika Prof. Claßen. Feel free to become a member of that Ilias course.
A Wiki there provides FAQ answers related to the technical setup of the Prof. Classen labs. New FAQ answers will be added on demand. If you have problems creating and starting the VM, first check the information in our FAQ, in particular the points on activating hardware virtualization on Windows systems.
Questions that relate to the lab of one specific module only will, however, not be answered there, but in the Ilias of that module instead. Only questions that are valid for multiple / all of the labs will be handled via the shared Support Wiki.
On your own computer: VirtualBox Installation
VirtualBox Version 7.x is installed on the terminal computers.
If you are working on your own computer, you should also install and use the latest version of VirtualBox 7.x.
Operating the VirtualBox VM
With VirtualBox, the mouse and keyboard may be "caught" in the VM,
as soon as you click in the console window.
You can then "release" it by pressing the right Ctrl key.
Persistence of data and changes
The changes in the virtual machine are persistent even if you have to shut down or reboot the virtual machine during the lab exercises.
Interrupting the Lab Work: Shut down the VM, do not pause it
If you need to interrupt your lab work, please do not pause the VM; shut it down instead. Otherwise, when paused, the VM will not have a working network connection when you continue your work.
Superuser Permissions
Many of the commands and file content changes in the following exercises require superuser (root) permissions, because they impact general system settings. In many cases, this is explicitly mentioned in the explanation of the respective exercise.
We do, however, expect you to understand the concept, so there might be cases where you are expected to recognize and handle this yourself.
As a general hint: should you get error messages like command not found or Permission denied when issuing a command, this might be an indication that the respective command needs to be executed as root superuser.
Download and Setup of the Virtual Machine (VM) Processes_Files_VM
On the FH Aachen PCs:
Start VirtualBox.
Importing the appliance for the ITS-VM ("ITS" == "Lehrgebiet Informationstechnische Systeme, Prof. Claßen"):
Open the Windows command shell cmd.exe by clicking on the menu in the bottom left corner, then "blindly" type in cmd, followed by a left click onto cmd.exe. Enter the following command into the shell:
net use S: \\ad.fh-aachen.de\files\FB05\StudiShare
You should now see a new drive S: in the explorer.
Importing the appliance for the VM Processes_Files_VM
In the VirtualBox menu File:
import appliance, select ITS_Client_debian12_AMD64_V02.ova in
S:\Classen\VM_OVAs\ ,
click Next,
change name setting to Processes_Files_VM.
On FH terminal room computers:
change virtual disk image to
D:\VMs\Processes_Files_VM.vmdk.
Assign a new MAC address
Important (on all computers):
Make sure to set the checkbox
Assign new MAC addresses for all network cards,
alternatively go to MAC Address Policy
and set Include all network adapter MAC addresses.
Finally click on Import.
On your private computer:
Download ITS_Client_debian12_AMD64_V02.ova from
https://fh-aachen.sciebo.de/s/voHfcjRsXAfYbfJ
In the VirtualBox menu File:
import appliance, select ITS_Client_debian12_AMD64_V02.ova
from your local download folder,
click Next,
change name setting to Processes_Files_VM.
Assign a new MAC address
Important (on all computers):
Make sure to set the checkbox
Assign new MAC addresses for all network cards,
alternatively go to MAC Address Policy
and set Include all network adapter MAC addresses.
Finally click on Import.
Starting the VM
Start the VM.
Should you get an error message when starting the VM regarding
VirtualBox Host-Only Ethernet Adapter is not a Host-Only Network
(or similar), the name of the host-only network in your VirtualBox installation differs from
the name expected by the VM definition.
For the VM refusing to start, click on Configure (upper-left of the
VirtualBox window) and a settings window will open for that VM.
Click on OK without changing any VM settings.
This will nevertheless update the VM settings and correct the problem.
Start the VM again.
Account Data for the VM
The user accounts of the VM are:
- User: itsadmin, Password: itsadmin
- Administrator-User: root, Password: itsadmin
Result logging
To show that you have successfully finished this lab, please upload a log file to ILIAS. The log file will contain all commands that you typed in during your session and all system outputs.
It is not a problem if there are commands in the log file that did not work on the first try or were typed in wrong; we just want to see that at some point all the required commands were used correctly.
Open a terminal in the virtual
machine and start the logging by using the script command
(option -a means: append to file in case the file is non-empty
when the logging to file is started):
script -a Linux-praktikum-05.log
The following output should appear:
Script started, file is Linux-praktikum-05.log
From now on, please only use the console in which the logger is running, so that everything gets logged correctly!
If you want to interrupt the lab and shut down the virtual machine, e.g. to take a break, or if you get interrupted somehow, you have to restart the logging when you continue. Choose a new / different file name. Finally, use a text editor to merge the resulting log files into a single file in the correct order.
After completing the lab, upload the complete result files to the Ilias course.
Pseudo files for Processes
Start a Python Interpreter in the background. The interpreter shall solely execute a continuous loop:
python -c "while True: pass" &
Find out via the /proc subdirectory related to the Python process which working directory the Python process was started with.
That means: if the Python process tries to read a file from its "current directory", which directory would be searched for the file?
(Such questions should only be answered for yourself; you do not have to submit an answer.)
Find out via the /proc subdirectory related to the Python process which command this process was started with.
You should see the full command, but all parts of the command are "glued together". Why?
Because the driver for the /proc filesystem separates the individual parts (parameters) of the command with \0 (the NUL byte),
which means it is a list of C-strings. The following commands at least show that there are still "separators" between the parts of the command:
PYTHON_PID=$(pgrep --newest python)
cat --show-all /proc/$PYTHON_PID/cmdline
And by means of the following command, all \0 characters are replaced by a line break:
cat /proc/$PYTHON_PID/cmdline | tr '\0' '\n'
Let the system output the environment (i.e., the list of environment variables with their values) of the python process.
Kill the running Python Interpreter:
pkill python
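The /proc lookups from this section (working directory, command line, environment), collected into small shell functions. This is an added example, not part of the original lab sheet; the function names and the LAB_MARKER variable are made up for illustration, and a sleep process stands in for the Python interpreter.

```shell
#!/bin/sh
# Added example, not part of the original lab sheet. Function names and
# the LAB_MARKER variable are made up for illustration.

# Working directory: /proc/PID/cwd is a symbolic link pointing to it.
proc_cwd() {
    readlink "/proc/$1/cwd"
}

# Number of arguments: every argument in cmdline is terminated by one
# \0 byte, so counting these bytes works even for arguments with spaces.
proc_argc() {
    tr -cd '\0' < "/proc/$1/cmdline" | wc -c | tr -d ' '
}

# Arguments, one per line.
proc_argv() {
    tr '\0' '\n' < "/proc/$1/cmdline"
}

# Value of one environment variable as it was when the program was
# started. environ uses the same \0-separated layout as cmdline and is
# readable only by the owner of the process and by root.
proc_env_get() {
    tr '\0' '\n' < "/proc/$1/environ" | sed -n "s/^$2=//p" | head -n 1
}

# Demo on a constructed background process (sleep instead of python).
proc_demo() {
    LAB_MARKER=demo sleep 30 &
    pid=$!
    sleep 1    # give the child time to replace itself with sleep
    echo "cwd : $(proc_cwd "$pid")"
    echo "argc: $(proc_argc "$pid")"
    proc_argv "$pid" | sed 's/^/argv: /'
    echo "env : LAB_MARKER=$(proc_env_get "$pid" LAB_MARKER)"
    kill "$pid"
}

proc_demo
```

Because environ is a snapshot taken at program start, variables the process changes later do not show up there.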
File system 'Jails': chroot
Download the tar archive (= "packed" archive file) of a basic Linux filesystem:
cd /home/itsadmin
wget https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz
Unzip the archive as user itsadmin:
sudo tar zxf rootfs.tar.gz
Take a look at the archive contents:
ls rootfs
ls -al rootfs/bin/
Create a blank file in-rootfs.txt as follows.
This serves as a "marking" to recognize the directory /home/itsadmin/rootfs based on the existence of this file:
sudo touch rootfs/in-rootfs.txt
ls rootfs
Check that you are currently working as user itsadmin:
id
Now execute the chroot command with administrator rights.
The command should start a bash shell (= command prompt, console session)
with the directory /home/itsadmin/rootfs as a root directory:
sudo chroot ./rootfs /bin/bash
Check that this shell really has the directory above as its root directory by looking for the file in-rootfs.txt:
ls /
Check that due to the chroot you are now working as administrator user root:
id
Now check that even the administrator user root cannot leave the "restricted root directory" by changing to the parent directory:
cd /
ls
cd ..
ls
But by leaving the shell by means of exit you get out of the chroot "filesystem jail".
chroot was only applicable for the bash shell program that was started by it …
exit
Applications can also run in a chroot.
We will try this via a Python interpreter that will run a mini web server.
First, we check that a Python interpreter executable exists within the filesystem under rootfs:
ls rootfs/usr/bin/python
For Python to work, the following workaround is necessary (otherwise /dev/urandom will be missing, which is needed by Python):
sudo mount --bind /dev/ rootfs/dev
Now we can start Python in the chroot "jail":
sudo chroot rootfs python -m http.server
Via a new, other console, call a web page served by this web server:
curl localhost:8000
Note: The file in-rootfs.txt is also part of the listing on this web page!
Switch to the console in which the Python program is running.
Exit the program via Ctrl-C.
Leave the chroot "filesystem jail":
exit
End the above workaround:
sudo umount rootfs/dev
Simple Container
Now combine PID namespaces and chroot using the following command:
sudo unshare --pid --fork chroot ./rootfs /bin/bash
Take a look at the root filesystem as well as the current user of the "container".
To view the processes in the "container", a command must be executed that instructs the procfs driver to
make the needed pseudo files available within the /proc directory of the "container".
mount -t proc procfs /proc
Now the processes visible in the "container" can be viewed via the ps command.
End the container via exit.
Using Files as Disks
Use the dd command to create a file /tmp/disk1.img.
The file shall have a size of 512 MB and shall be filled with zeros:
dd if=/dev/zero of=/tmp/disk1.img bs=1M count=512
Within the file, create a file system of type ext3.
Create a directory /mnt/disk1.
Mount the file into the just created directory (mount).
Create a new file in the directory.
You may have to do so as root, because standard users do not have write permissions in the directory.
Alternatively, you can also grant write permissions to the directory to all users and then create the file as the default user.
Check that the file is created successfully.
Check as well that a subdirectory lost+found also exists in that directory.
This automatically created directory is a good indicator that the directory is the root directory of a filesystem of a separate disk:
it is a kind of "wastebasket of the filesystem", where the filesystem possibly stores
orphaned files when filesystem operations should run into errors.
Unmount the "disk implemented via a file" at the location /mnt/disk1 again.
Delete the directory /mnt/disk1 as well as the data file /tmp/disk1.img.
Simple Containers using Overlay Filesystem
Download the following file into the directory /home/itsadmin using wget:
https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz
Unzip the downloaded file with administrator rights (important):
sudo tar -zxf rootfs.tar.gz
Switch to the rootfs subdirectory just created and as root user create four subdirectories there:
container1_subdir_1, container1_subdir_2, container2_subdir_1, container2_subdir_2
Let the system output the contents of directory /home/itsadmin/rootfs and check that the four directories are present.
As root user, create two files in each of the four directories:
datei1.txt, datei2.txt.
The content of the files does not matter and can also be empty.
Back as user itsadmin, in the /home/itsadmin directory, create the following subdirectories:
upper1, upper2, work1, work2, overlay1, overlay2.
Now create two overlay filesystem structures:
sudo mount -t overlay -o lowerdir=rootfs,upperdir=upper1,workdir=work1 none overlay1
sudo mount -t overlay -o lowerdir=rootfs,upperdir=upper2,workdir=work2 none overlay2
Let the system list the directory contents of the directories /home/itsadmin/overlay1 and /home/itsadmin/overlay2.
You should both times see the files from rootfs.
Enter the command mount and watch the last two lines of the output of the command.
There you should find the mounted overlay structures.
Open a new command line or a new command line tab and start a "simple container" there:
sudo unshare --pid --mount --fork chroot overlay1 /bin/bash
Check your user identity in the container and have the system output the contents of the root directory of the container using the command ls /.
You should see the files from rootfs there.
In this first container, delete the directory /srv and all of its content.
Check that the directory is indeed deleted.
In the root directory of the container, create a file container1_added.txt.
The file contents do not matter and can also be empty.
Insert a directory /container1_added_subdir_1 and in this directory a file /container1_added_subdir_1/container1_added.txt.
In the container, recursively delete the directory /container1_subdir_1 with all its contents.
Create a new file /container1_subdir_2/container1_added.txt and delete the file /container1_subdir_2/file1.txt.
After all these steps in the container, check that the required changes have all been executed correctly.
Now open another new command line or a new command line tab and start a second "simple container" there:
sudo unshare --pid --mount --fork chroot overlay2 /bin/bash
Check your user identity in the container and have the system output the contents of the root directory of the container using the command ls /.
You should see the files from rootfs there.
In this second container, delete the directory /media including all its contents.
Check that the directory is indeed deleted.
Also, check that the /srv directory still exists, i.e. the deletion of this directory in container1 obviously has had no effect on container2.
In the root directory of the container, create a file container2_added.txt.
The file contents do not matter and can also be empty.
Create a directory /container2_added_subdir_1 and in this directory a file /container2_added_subdir_1/container2_added.txt.
In the container, recursively delete the directory /container2_subdir_1 with all its contents.
Create a new file /container2_subdir_2/container2_added.txt and delete the file /container2_subdir_2/file1.txt.
Switch to each of the command lines of Container1 and Container2 and check that the changes made in each container did not have an impact on the other container.
Switch to the command line of Container2.
Use the command ps aux to view the list of processes in the container and
terminate this command line and thus the container via exit.
Also leave the command line or the command line tab that was opened for the container by means of exit.
Switch to the command line of Container1.
Use ps aux to get the list of processes in the container and
terminate this command line and thus the container via exit.
Also leave the command line or the command line tab that was opened for this container by means of exit.
Stop the mounting and end the existence of the two overlay filesystem structures:
sudo umount /home/itsadmin/overlay2
sudo umount /home/itsadmin/overlay1
Now look at the contents of the directories upper1 and upper2 (including their subdirectories)
and analyze the results for yourself.
Take a look at the content of the rootfs directory and observe that all these activities have not changed the original directory contents.
The container… subdirectories should also be completely present;
these were created before the containers were started and thus belong to the "initial state".
Also observe that in rootfs, the directories srv and media are still available with their contents.
With administrator permissions, recursively delete the directories
upper1, upper2, work1, work2, overlay1, overlay2 and rootfs
with all their contents.
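One way to analyze upper1 and upper2 before the final cleanup step, as an added example that is not part of the original lab sheet: overlayfs records a deletion as a "whiteout" (a character device with device number 0:0) in the upper directory, so the changes made by a container can be listed by comparing its upperdir with the lowerdir. The function name overlay_diff and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original lab sheet.
# overlay_diff UPPER LOWER prints one line per entry found in UPPER:
#   D path  whiteout: the entry was deleted in the container
#   A path  exists only in UPPER: added in the container
#   C path  exists in both: a file that was copied up (and possibly
#           changed), or a directory with changes below it
# Not detected: directories that were deleted and created again
# (overlayfs marks them with the xattr trusted.overlay.opaque).
overlay_diff() {
    upper=${1%/}
    lower=${2%/}
    find "$upper" -mindepth 1 | sort | while IFS= read -r entry; do
        rel=${entry#"$upper"}
        if [ -c "$entry" ] && [ "$(stat -c '%t:%T' "$entry")" = "0:0" ]; then
            echo "D $rel"
        elif [ -e "$lower$rel" ] || [ -L "$lower$rel" ]; then
            echo "C $rel"
        else
            echo "A $rel"
        fi
    done
}

# Demo on a constructed tree that mimics part of container1's changes.
overlay_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/lower/container1_subdir_2" "$t/lower/srv" \
             "$t/upper/container1_subdir_2"
    touch "$t/lower/container1_subdir_2/datei2.txt" \
          "$t/upper/container1_added.txt" \
          "$t/upper/container1_subdir_2/container1_added.txt"
    # Creating the whiteout by hand may be refused, depending on kernel
    # and privileges; in that case the sample has no D line.
    mknod "$t/upper/srv" c 0 0 2>/dev/null || echo "(whiteout sample skipped)"
    overlay_diff "$t/upper" "$t/lower"
    rm -rf "$t"
}

overlay_demo
```

In the lab, overlay_diff upper1 rootfs and overlay_diff upper2 rootfs, called in /home/itsadmin, list what each container changed.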
Upload of console log file and completion of this lab
When you have finalized your lab work, you need to end the logging by entering exit into your console. The following output should appear:
Script done, file is Linux-praktikum-05.log
Start a web browser inside the virtual machine and upload the log file to ILIAS, using this web browser.
Shut down the VM, remove the VM completely (delete all files) and end your session.