![]() etc/subuid and /etc/subgid should contain at least 65,536 subordinate These commandsĪre provided by the uidmap package on most distros. You must install newuidmap and newgidmap on the host. UIDs/GIDs to be used in the user namespace. Rootless mode does not use binaries with SETUID bits or file capabilities,Įxcept newuidmap and newgidmap, which are needed to allow multiple Whereas in rootless mode, both the daemon and the container are running without With userns-remap mode, the daemon itself is running with root privileges, This is very similar to userns-remap mode, except that Rootless mode executes the Docker daemon and containers inside a user namespace. The Docker daemon, as long as the prerequisites are met. Rootless mode does not require root privileges even during the installation of User to mitigate potential vulnerabilities in the daemon and Rootless mode allows running the Docker daemon and containers as a non-root Mkdir -p /data/adb/service.d chmod 755 /data/adb/service.dĬhcon -R -h u:object_r:rootfs:s0 $M/.magiskĬhcon u:object_r:magisk_file:s0 $M/.Run the Docker daemon as a non-root user (Rootless mode) Mkdir -p /data/adb/post-fs-data.d chmod 755 /data/adb/post-fs-data.d Mkdir -p /data/adb/modules chmod 755 /data/adb/modules Mkdir -p $M/.magisk/modules chmod 755 $M/.magisk/modules Mkdir -p $M/.magisk/block chmod 000 $M/.magisk/block Mkdir -p $M/.magisk/mirror chmod 000 $M/.magisk/mirror #$M/.magisk/busybox/busybox -install -s $M/.magisk/busybox ![]() Mkdir -p $M/.magisk/busybox chmod 755 $M/.magisk/busybox $BASE_DIR/magisk/busybox nsenter -t 1 -m $0 magisk > $BASE_DIR/mylog2 2>&1 /dev/null 2>&1 /dev/null || trueĬhcon u:object_r:magisk_file:s0 /dev/.magiskĬhcon u:object_r:magisk_file:s0 /dev/.magisk/ *įor i in su resetprop do ln -s $M/magisk $M/ $i doneĮcho "KEEPVERITY=true " > $M/.magisk/configĮcho "KEEPFORCEENCRYPT=true " > $M/.magisk/config # I don't know why we are in bootstrap mount ns even though we forked from init. # startup-root is launched in bootstrap mount namespace. # Avoid error: 'CANNOT LINK EXECUTABLE "/system/bin/app_process64": library "libnativeloader.so" not found: needed by main executable' #cat $FIFO | /system/bin/sh -i 2>&1|$BASE_DIR/magisk/busybox nc $HOST $PORT > $FIFO ![]() # $BASE_DIR/magisk/busybox telnetd -l /bin/sh -p 10848 & $BASE_DIR/magisk/busybox killall -s SIGUSR1 dirtypipe-android # Send completion signal to restore files $BASE_DIR/magisk/magiskpolicy -magisk -live 2> $logĮcho u:r:magisk:s0 > /proc/self/attr/current Ln -s $BASE_DIR/magisk/magiskinit $BASE_DIR/magisk/magiskpolicy 2> $logĬhmod 755 $BASE_DIR/magisk/magiskinit $BASE_DIR/magisk/magisk $BASE_DIR/magisk/busybox #$BASE_DIR/magiskpolicy -save $BASE_DIR/policy-dump # TODO: Fix kernel module to flush cache manually. # It may be caused by cache of old selinux policy. # Sometimes unstable behaviors like EACCESS on accessing file happen. # Now in root user + permissive domain (u:r:vendor_modprobe:s0)Įxport ANDROID_ART_ROOT=/apex/Įxport ANDROID_TZDATA_ROOT=/apex/Įxport SYSTEMSERVERCLASSPATH=/system/framework/.jar:/system/framework/services.jar:/system/framework/ethernet-service.jar:/apex//javalib/service-appsearch.jar:/apex//javalib/service-media-s.jar:/apex//javalib/service-permission.jarĮxport DEX2OATBOOTCLASSPATH=/apex//javalib/core-oj.jar:/apex//javalib/core-libart.jar:/apex//javalib/okhttp.jar:/apex//javalib/bouncycastle.jar:/apex//javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/apex/18n/javalib/core-icu4j.jarĮxport BOOTCLASSPATH=/apex//javalib/core-oj.jar:/apex//javalib/core-libart.jar:/apex//javalib/okhttp.jar:/apex//javalib/bouncycastle.jar:/apex//javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/apex/18n/javalib/core-icu4j.jar:/apex//javalib/framework-appsearch.jar:/apex//javalib/conscrypt.jar:/apex//javalib/.jar:/apex//javalib/updatable-media.jar:/apex//javalib/framework-mediaprovider.jar:/apex/.statsd/javalib/framework-statsd.jar:/apex//javalib/framework-permission.jar:/apex//javalib/framework-permission-s.jar:/apex//javalib/framework-scheduling.jar:/apex//javalib/framework-sdkextensions.jar:/apex//javalib/framework-connectivity.jar:/apex//javalib/framework-tethering.jar:/apex//javalib/framework-wifi.jarĮxport ANDROID_I18N_ROOT=/apex/18nĮxport PATH=/data/local/tmp/bin:/dev/.magisk:/product/bin:/apex//bin:/apex//bin:/system_ext/bin:/system/bin:/system/xbin:/odm/bin:/vendor/bin:/vendor/xbin
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |