Unless otherwise stated, all commands presented on this page must be executed as root.
So, either run them as sudo <command>, or switch to root at the beginning by typing su.
apt-get install schroot
debootstrap is used to install a Debian base system (the new root) for the example below.
apt-get install debootstrap
Configuration file: /etc/schroot/schroot.conf
If you prefer separate configuration files, place them in /etc/schroot/chroot.d/.
A simple example that creates a chroot and installs <some-package> for an X Window environment. This is neither the safest nor a standard way to set things up.
Create root file system:
mkdir -p /srv/chroot/test
debootstrap stretch /srv/chroot/test
Make a file /etc/schroot/chroot.d/stretch-test:
# schroot chroot definitions.
# See schroot.conf(5) for complete documentation of the file format.
#
# Please take note that you should not add untrusted users to
# root-groups, because they will essentially have full root access
# to your system. They will only have root access inside the chroot,
# but that's enough to cause malicious damage.
#
# The following lines are examples only. Uncomment and alter them to
# customise schroot for your needs, or create a new entry from scratch.
#
[stretch-test]
description=Contains the SPICE program
aliases=test
type=directory
directory=/srv/chroot/test
users=jsmith
root-groups=root
profile=desktop
personality=linux
preserve-environment=true
Here jsmith is an unprivileged user.
schroot -c test
W: Failed to change to directory '/ ... is ok.
apt-get update && apt-get install <some-package>
exit
As the user jsmith, execute:
xhost +
schroot -c test
From this point the <some-package> could be used...
xhost +
SESH=$(schroot -c test -b)
schroot -r -c "$SESH"
schroot -e -c "$SESH"
Enabling tmpfs Overlay for Faster Builds
Building with a tmpfs overlay provides a significant speedup. For example, on a system where lintian takes an hour to build, a tmpfs overlay may enable the completion of the same work in 21 minutes. The two downsides are that it requires a fair amount of free RAM, and that the memory pressure can push desktop applications to swap. On a related note, the use of swap is recommended when using tmpfs overlays, because if a build triggers the OOM killer then one's browser will almost certainly be the first to go.
First, follow this guide sbuild#sbuild_overlays_in_tmpfs. That may be enough to activate tmpfs, but if not then one has only to add the following line to each file in /etc/schroot/chroot.d:
When you log out of a schroot session, it can sometimes happen that some processes keep the mount point busy, causing this error message:
~$ logout
E: 10mount: rmdir: failed to remove '/var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a': Device or resource busy
E: kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a: Chroot setup failed: stage=setup-stop
To retrieve the PID, take a piece of the directory name, say "d2c072e7", and look for it in the /proc filesystem:
~$ grep -r d2c072e7 /proc/*/mountinfo
/proc/3919/mountinfo:195 41 253:3 / /var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a rw,relatime shared:134 - ext4 /dev/mapper/ld0-lv2 rw,stripe=256,data=ordered
/proc/3919/mountinfo:199 195 0:14 / /var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a/sys rw,nosuid,nodev,noexec,relatime shared:136 master:7 - sysfs sysfs rw
/proc/3919/mountinfo:216 195 0:3 / /var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a/proc rw,nosuid,nodev,noexec,relatime shared:151 master:12 - proc proc rw
/proc/3919/mountinfo:218 195 0:5 / /var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a/dev rw,relatime shared:153 master:2 - devtmpfs udev rw,size=10240k,nr_inodes=988768,mode=755
/proc/3919/mountinfo:223 195 0:15 / /var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a/run rw,nosuid,relatime shared:158 master:5 - tmpfs tmpfs rw,size=1585940k,mode=755
Therefore "3919" is the PID to kill in order to remove the directory.
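The lookup described above, as an added shell example that is not part of the original page: it matches on the mount-point field of each process's mountinfo and prints the command name next to the PID, so the process can be identified before it is killed. The function names, the optional PROC_ROOT argument and the sample process name "exampled" are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). The optional PROC_ROOT argument
# is an assumption so the function can also be run against sample data.

# Print "PID COMMAND" for every process whose mount table still lists a mount
# point under /var/lib/schroot/mount/ containing SESSION (a full session ID
# or a fragment of it, such as "d2c072e7").
schroot_mount_holders() {
    session=$1
    proc_root=${2:-/proc}
    [ -n "$session" ] || { echo "usage: schroot_mount_holders SESSION [PROC_ROOT]" >&2; return 2; }
    for f in "$proc_root"/[0-9]*/mountinfo; do
        [ -r "$f" ] || continue
        # Field 5 of mountinfo is the mount point; match on it rather than on
        # the whole line so a device or source path cannot cause a false hit.
        # Processes that exit during the scan make awk fail and are skipped.
        if awk -v s="$session" '
                index($5, "/var/lib/schroot/mount/") == 1 && index($5, s) { hit = 1; exit }
                END { exit !hit }' "$f" 2>/dev/null; then
            pid=${f%/mountinfo}
            pid=${pid##*/}
            # Show the command name so the process can be checked before killing it.
            comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo "?")
            printf '%s %s\n' "$pid" "$comm"
        fi
    done | sort -n
}

# Constructed sample data: a fake /proc tree in which PID 3919 (command name
# "exampled" is made up) still holds the session mount from the error above.
make_sample_proc() {
    d=$(mktemp -d)
    m=/var/lib/schroot/mount/kubuntu-d2c072e7-7e0c-4cfc-b48e-73defe8a4f0a
    mkdir -p "$d/1" "$d/3919"
    echo "init" > "$d/1/comm"
    echo "exampled" > "$d/3919/comm"
    echo "21 1 253:1 / / rw,relatime shared:1 - ext4 /dev/mapper/ld0-lv1 rw" > "$d/1/mountinfo"
    {
        echo "195 41 253:3 / $m rw,relatime shared:134 - ext4 /dev/mapper/ld0-lv2 rw"
        echo "199 195 0:14 / $m/sys rw,nosuid,nodev,noexec,relatime shared:136 master:7 - sysfs sysfs rw"
    } > "$d/3919/mountinfo"
    echo "$d"
}

sample=$(make_sample_proc)
schroot_mount_holders d2c072e7 "$sample"   # prints: 3919 exampled
rm -rf "$sample"
```

On a live system, call schroot_mount_holders with only the session fragment so that it reads the real /proc.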
See Also:
https://linuxgazette.net/150/kapil.html - Virtualizing without Virtualizing
other SystemVirtualization solutions