BINFMT in Crostini

[Aron Petritz]

Hi, so I was trying to install box86 on my arm chromebook, to be able to run x86 applications, and did get it running for some smaller applications, however some bigger programs that launch other x86 executables don't work, because binfmt doesn't seem to work and the binaries dont automagically get opened by box86. Is binfmt just not supported in crostini, if so why? Or am I missing something?

Thanks in advance!

[Mike Frysinger]

it does seem to be currently unavailable to code inside the container.  i don't think it was a conscious decision, so you could file a bug about it and we'd take a look.

-mike

On Fri, Mar 26, 2021 at 5:33 AM Aron Petritz <rocco.i...@gmail.com> wrote:

Hi, so I was trying to install box86 on my arm chromebook, to be able to run x86 applications, and did get it running for some smaller applications, however some bigger programs that launch other x86 executables don't work, because binfmt doesn't seem to work and the binaries dont automagically get opened by box86. Is binfmt just not supported in crostini, if so why? Or am I missing something?

Thanks in advance!

--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev

[Aron Petritz]

Ok great, I'll do that then. Just with alt+shift+i on the chromebook or is there some other way?

[Mike Frysinger]

feedback is great, thanks

you can also file a bug at crbug.com/new and we can route it to the right team

-mike

[Aron Petritz]

Great did both now. I know it's hard to say, but is there an estimate for how long this will take to get fixed? Has been bothering me for a while now

[Junichi Uekawa (上川純一)]

Hi,

The last time I checked, I think binfmt-misc is not namespace-aware (crostini is implemented using namespaces), so it might be challenging to implement properly.

2021年3月29日(月) 18:10 Aron Petritz <rocco.i...@gmail.com>:

---
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-os-d...@chromium.org.

--

Junichi Uekawa
Google

[Mike Frysinger]

that's a good point.  i believe in some ways it's aware, but in some ways it's not, and it's those "not" ways that would be a problem.

it's mount namespace aware in that the emulation executes in the same mount namespace as the program invoking it.  so programs run inside the container would use the tools inside the container.  that's good.

it's not mount namespace aware in that there's a single registry and handlers created inside the container affect programs running outside the container.  so it could be used by code inside the container to break out and into the active VM environment as root.  while that's not exactly our security boundary, it's still not something we want to expose, if even just by accident.

i updated https://crbug.com/1193426 with some info, and based on this, i'd say the schedule is "not for a while".  or at least, "not until someone super motivated made Linux upstream support this for everyone".

-mike

[Aron Petritz]

Alright, most of this is beyond me to be honest, but if it's going to take so long, then so be it. Thank you for the help!