chroot on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.(Read more ...)
Building a "chroot" is very easy in Debian.
You will need:
- Install the required packages
apt-get install binutils debootstrap
- Choose a location
mkdir -p /srv/chroot/wheezy
- Build the chroot
debootstrap --arch i386 wheezy /srv/chroot/wheezy http://http.debian.net/debian
- To enter:
In general, it is necessary to create/edit key configuration points.
Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.
chroot /srv/chroot/wheezy cat > ./usr/sbin/policy-rc.d <<EOF #!/bin/sh exit 101 EOF chmod a+x ./usr/sbin/policy-rc.d
The ischroot command is buggy and does not detect that it is running in a chroot (685034). Several packages depend upon ischroot for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.
dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot ln -s /bin/true /usr/bin/ischroot
Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files.
- Users defined in the chroot
- Settings network settings in the chroot
- Mounts filesystems from the underlying host (NOT in the chroot)
Mounting pseudo filesystems
- Check the chrooted system the presence of /proc if the chroot is not likely to be fully operational. A priori, since version debootstrap Debian/Wheezy integrates natively mount /proc and /sys
proc on /proc type proc (rw) sysfs on /sys sysfs kind (rw)
It is also advisable to do a "bind" /dev/pts. This prevents error messages like Must be connected to a terminal or Can not access '/dev/pts/0': No such file or directory of this type with using the control screen.
In this case, the primary system, run the command:
mount --bind /dev/pts /srv/chroot/wheezy/dev/pts
Generally the file /etc/fstab might look like this:
# grep chroot /etc/fstab /dev /srv/chroot/wheezy/dev auto bind 0 0 /dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0 /proc /srv/chroot/wheezy/proc auto bind 0 0
Therefore mount on the primary system would be:
# mount | grep chroot /dev on /srv/chroot/wheezy/dev -type none (rw, bind) /dev/pts on /srv/chroot/wheezy/dev/pts kind none (rw, bind) /proc on /srv/chroot/wheezy/proc type none (rw, bind)
Adding / removing packages
- Eliminate unnecessary packages (all depends on the purpose of the chroot)
apt-get install deborphan
- And for example
apt-get remove --purge telnet manpages pppconfig ipchains ...
Complementary list svgalibg1 whiptail
- Add a little comfort
apt-get install emacs23 local mc
Common examples of chroot usage:
Recompiling application in a context other than the machine that hosts the chroot (backport, cross-compiling, ...)
- Update service production by tilting the old service (host machine) to the new (installed in the chroot)
- Securing a service "chrooted" from the host machine (and vice versa)
ToDo - Clean up from French translation.