tech-pkg archive


Re: Do not make mksh the default shell on macOS



On 07/14, Jonathan Perkin wrote:
> * On 2020-07-14 at 12:09 BST, Greg Troxel wrote:
> > Is it possible to run pbulk on macos now, with SIP enabled?
> 
> It's not specifically whether pbulk runs, it's that there are a number
> of issues regarding creating sandboxes that SIP prevents. The most
> important one is that DNS resolution does not work inside as it's not
> possible to modify mDNSResponder to listen on additional sockets, but
> from memory even working around that with static entries in /etc/hosts
> still resulted in other problems (I'll probably try again one day).

I know you tried various things, and this is complicated, but I think
you considered (or even tried?) using socat at one point, so if you ever
go back to trying a socket-proxy approach, this guy, referring to socat
not working, said in

 https://stackoverflow.com/a/55388425

the following:

 The problem here is that requests and responses on the
 /var/run/mDNSResponder socket use the "ancillary data" feature of the
 recvmsg and sendmsg system calls, and socat doesn't proxy ancillary
 data. I was able to get a custom proxy that does relay the ancillary
 data to work and provide DNS to processes inside a chroot.

I don't know how his custom proxy worked, but maybe that's another
option: provide a custom mDNSResponder proxy in the chroot.

Lewis
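
An added example (not part of the original message, and not the Stack Overflow author's proxy, whose design is unknown): one relay step that carries ancillary data across a Unix-domain socket proxy, which is the part a plain byte copier loses. It assumes the ancillary data is descriptor passing (SCM_RIGHTS), which the thread does not specify; `relay_once`, `demo` and `MAX_FDS` are hypothetical names, and the sockets are constructed socketpairs rather than /var/run/mDNSResponder.

```python
import array
import os
import socket

MAX_FDS = 8  # assumption: most descriptors expected in one message
INT_SIZE = array.array("i").itemsize


def relay_once(src, dst, bufsize=4096):
    """Forward one message plus passed descriptors; return payload bytes (0 = EOF)."""
    data, ancdata, flags, _ = src.recvmsg(bufsize, socket.CMSG_SPACE(MAX_FDS * INT_SIZE))
    # Keep only SCM_RIGHTS items; each carries an array of C ints (descriptors).
    rights = [(lvl, typ, raw[: len(raw) - len(raw) % INT_SIZE])
              for lvl, typ, raw in ancdata
              if lvl == socket.SOL_SOCKET and typ == socket.SCM_RIGHTS]
    held = array.array("i")
    for _, _, raw in rights:
        held.frombytes(raw)
    try:
        if flags & socket.MSG_CTRUNC:
            raise OSError("ancillary data truncated; raise MAX_FDS")
        if data:
            sent = dst.sendmsg([data], rights)  # descriptors ride with the first byte
            dst.sendall(data[sent:])
    finally:
        for fd in held:  # the relay's own copies must not outlive the forward
            os.close(fd)
    return len(data)


def demo():
    """Constructed exchange: client -> relay -> server, with a pipe end attached."""
    client, relay_in = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    relay_out, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    reply_r, reply_w = os.pipe()
    client.sendmsg([b"query"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                                 array.array("i", [reply_w]).tobytes())])
    os.close(reply_w)
    relayed = relay_once(relay_in, relay_out)
    payload, anc, _, _ = server.recvmsg(4096, socket.CMSG_SPACE(INT_SIZE))
    got = array.array("i")
    got.frombytes(anc[0][2][:INT_SIZE])
    os.write(got[0], b"answer")  # server replies through the descriptor it was handed
    os.close(got[0])
    answer = os.read(reply_r, 16)
    os.close(reply_r)
    for s in (client, relay_in, relay_out, server):
        s.close()
    return relayed, payload, answer
```

Closing the relay's copies in `finally` matters: a descriptor left open in the proxy keeps the peer from ever seeing EOF on it.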

