Translation(s): Deutsch - English - Español - Français - Italiano

Basic Installation

Building a "chroot" is very easy in Debian.

You will need:

# apt install debootstrap

# mkdir -p /srv/chroot/debian

Either select a close network mirror manually, use one of the dns based mirrors such as where XX is your geographic country code, or use the CDN which will do this for you automatically. The is easier to document and becoming the generally preferred method and is therefore recommended if you don't have your own fast preferred local mirror. See for documentation and details.

# debootstrap bullseye /srv/chroot/debian

# chroot /srv/chroot/debian

From this point, the chroot is useful for tasks such as building debian packages in an isolated environment. For a more advanced debian environment inside the chroot, see below.

(!) A more convenient way to enter the chroot is provided by the schroot package. This wrapper allows unprivileged users to have access to one or more chroot environments. schroot handles the chroot(2) call as well as dropping privileges inside the chroot, setting up /etc/resolv.conf and bind mounting resources into the chroot (like home directories, /dev, /sys, /proc).


In general, it is necessary to create/edit key configuration points.

Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.

chroot /srv/chroot/debian
cat > ./usr/sbin/policy-rc.d <<EOF
exit 101
chmod a+x ./usr/sbin/policy-rc.d

The ischroot command is buggy and does not detect that it is running in a chroot (685034). Several packages depend upon ischroot for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.

dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot

Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files.




Mounting pseudo filesystems


proc on /proc type proc (rw)
sysfs on /sys sysfs kind (rw)


In this case, the primary system, run the command:

mount --bind /dev/pts /srv/chroot/stretch/dev/pts

Default Configurations

Generally the file /etc/fstab might look like this:

# grep chroot /etc/fstab
/dev /srv/chroot/stretch/dev auto bind 0 0
/dev/pts /srv/chroot/stretch/dev/pts auto bind 0 0
/proc /srv/chroot/stretch/proc auto bind 0 0

Therefore mount on the primary system would be:

# mount | grep chroot
/dev on /srv/chroot/stretch/dev -type none (rw, bind)
/dev/pts on /srv/chroot/stretch/dev/pts kind none (rw, bind)
/proc on /srv/chroot/stretch/proc type none (rw, bind)

Adding / removing packages

apt-get install deborphan

deborphan -a

apt-get remove --purge telnet manpages pppconfig ipchains ...

Complementary list svgalibg1 whiptail

apt-get install emacs23 local mc


Common examples of chroot usage:

Copy and Paste

The above ready for copy and paste.

First the part where we set shell variables.

export MCHRARCH=i386
export MCHRREL=buster
export MCHRDIR=/srv/chroot/${MCHRREL}-${MCHRARCH}
echo My chroot dir is ${MCHRDIR}

From here the further copy and paste stuff, preferable careful.

mkdir -p ${MCHRDIR}
# next step takes much more time
debootstrap --variant=buildd --arch=${MCHRARCH} ${MCHRREL} ${MCHRDIR} ${MCHRMIRROR}

# prevent that dpkg starts deamons in the chroot environment
cat > ${MCHRDIR}/usr/sbin/policy-rc.d <<EOF
exit 101
chmod a+x ${MCHRDIR}/usr/sbin/policy-rc.d

# in the chroot "hard code" ischroot to true
cp  ${MCHRDIR}/bin/true ${MCHRDIR}/usr/bin/ischroot

cp /etc/hosts ${MCHRDIR}/etc/hosts
cp /etc/resolv.conf ${MCHRDIR}/etc/resolv.conf

# that was what needs be done only once

# mount stuff, you will need more often
mount --bind /dev ${MCHRDIR}/dev
mount --bind /dev/pts ${MCHRDIR}/dev/pts
mount --bind /proc  ${MCHRDIR}/proc

# you may also need (e.g. in Rescue mode of DebianInstaller)
mount --bind /sys  ${MCHRDIR}/sys
mount --bind /run  ${MCHRDIR}/run

# Okay

# Entering the chroot, leave it with exit

chroot ${MCHRDIR}
# enjoy your new environment
# apt install what you need
# do the thing you have in mind


[ ! -z ${MCHRDIR} ] && echo my chroot dir is ${MCHRDIR}
[ ! -z ${MCHRDIR} ] && umount ${MCHRDIR}/proc
[ ! -z ${MCHRDIR} ] && umount ${MCHRDIR}/dev/pts
[ ! -z ${MCHRDIR} ] && umount ${MCHRDIR}/dev

# if you mounted these above
[ ! -z ${MCHRDIR} ] && umount ${MCHRDIR}/sys
[ ! -z ${MCHRDIR} ] && umount ${MCHRDIR}/run

CategorySystemAdministration | CategoryVirtualization

TODO - Clean up from French translation.