Differences between revisions 1 and 51 (spanning 50 versions)
Revision 1 as of 2005-05-29 13:36:02
Size: 312
Editor: anonymous
Comment:
Revision 51 as of 2015-10-27 23:01:52
Size: 4961
Editor: vauss
Comment: translation menu
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## Auto-converted by kwiki2moinmoin v2005-10-07
All chroot does is -for all child processes- replace the root directory on a unix system with one of the operators' choosing.
#language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/chroot|Deutsch]] - English - [[es/chroot|Español]] - [[fr/Chroot|Français]] - [[it/chroot|Italiano]]-~
----
'''chroot''' on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.''([[WikiPedia: en: chroot | Read more ...]])''
Line 4: Line 6:
See : <<TableOfContents(3)>>
== Basic Installation ==
Building a "chroot" is very easy in Debian.
Line 6: Line 10:
 * http://en.wikipedia.org/wiki/Chroot
 * http://www.gnu.org/software/coreutils/manual/html_chapter/coreutils_22.html#["SEC145"]
You will need:
 * Install the required packages
{{{
apt-get install binutils debootstrap
}}}

 * Choose a location
{{{
mkdir -p /srv/chroot/wheezy
}}}

 * Build the chroot

Either select a close network mirror manually, use one of the dns based mirrors such as ftp.XX.debian.org where XX is your geographic country code, or use the httpredir.debian.org which will do this for you automatically. The httpredir.debian.org is easier to document and becoming the generally preferred method and is therefore recommended if you don't have your own fast preferred local mirror. See http://httpredir.debian.org/ for documentation and details.
{{{
debootstrap --arch i386 wheezy /srv/chroot/wheezy http://httpredir.debian.org/debian
}}}

 * To enter:
{{{
chroot /srv/chroot/wheezy
}}}

== Configuration ==

In general, it is necessary to create/edit key configuration points.

Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.

{{{
chroot /srv/chroot/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
}}}

The {{{ischroot}}} command is buggy and does not detect that it is running in a chroot (DebianBug:685034). Several packages depend upon {{{ischroot}}} for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.

{{{
dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot
}}}

Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files.

 * Users defined in the chroot
{{{
/etc/passwd
/etc/groups
}}}

 * Settings network settings in the chroot
{{{
/etc/hosts
/etc/resolv.conf
}}}

 * Mounts filesystems from the underlying host (NOT in the chroot)
{{{
/etc/fstab
}}}

== Mounting pseudo filesystems ==

=== /proc ===
 * Check the chrooted system the presence of /proc if the chroot is not likely to be fully operational. A priori, since version debootstrap Debian/Wheezy integrates natively mount /proc and /sys
{{{
proc on /proc type proc (rw)
sysfs on /sys sysfs kind (rw)
}}}

=== /dev/pts ===

 * It is also advisable to do a "bind" /dev/pts. This prevents error messages like {{{Must be connected to a terminal}}} or {{{Can not access '/dev/pts/0': No such file or directory of this type}}} with using the control [[DebianPkg:screen]].

In this case, the primary system, run the command:
{{{
mount --bind /dev/pts /srv/chroot/wheezy/dev/pts
}}}

=== Default Configurations ===

Generally the file {{{/etc/fstab}}} might look like this:

{{{
# grep chroot /etc/fstab
/dev /srv/chroot/wheezy/dev auto bind 0 0
/dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0
/proc /srv/chroot/wheezy/proc auto bind 0 0
}}}

Therefore mount on the primary system would be:
{{{
# mount | grep chroot
/dev on /srv/chroot/wheezy/dev -type none (rw, bind)
/dev/pts on /srv/chroot/wheezy/dev/pts kind none (rw, bind)
/proc on /srv/chroot/wheezy/proc type none (rw, bind)
}}}

== Adding / removing packages ==

 * Eliminate unnecessary packages (all depends on the purpose of the chroot)
{{{
apt-get install deborphan
}}}
{{{
deborphan -a
}}}

 * And for example
{{{
apt-get remove --purge telnet manpages pppconfig ipchains ...
}}}

'' Complementary'' list svgalibg1 whiptail

 * Add a little comfort
{{{
apt-get install emacs23 local mc
}}}

== Usage ==
Common examples of chroot usage:

 * Recompiling application in a context other than the machine that hosts the chroot ([[Backports | backport]], cross-compiling, ...)

 * Update service production by tilting the old service (host machine) to the new (installed in the chroot)

 * Securing a service "chrooted" from the host machine (and vice versa)

== Advanced Usage ==
The [[Schroot|schroot]] package provides a convenient wrapper for allowing unprivileged users to have access to one or more chroot environments. schroot handles the chroot(2) call as well as dropping privileges inside the chroot and bind mounting resources into the chroot (like home directories, /dev, /proc).

----
ToDo - Clean up from French translation.

 CategorySystemAdministration

Translation(s): Deutsch - English - Español - Français - Italiano


chroot on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.(Read more ...)

Basic Installation

Building a "chroot" is very easy in Debian.

You will need:

  • Install the required packages

apt-get install binutils debootstrap
  • Choose a location

mkdir -p /srv/chroot/wheezy
  • Build the chroot

Either select a close network mirror manually, use one of the dns based mirrors such as ftp.XX.debian.org where XX is your geographic country code, or use the httpredir.debian.org which will do this for you automatically. The httpredir.debian.org is easier to document and becoming the generally preferred method and is therefore recommended if you don't have your own fast preferred local mirror. See http://httpredir.debian.org/ for documentation and details.

debootstrap --arch i386 wheezy /srv/chroot/wheezy http://httpredir.debian.org/debian
  • To enter:

chroot /srv/chroot/wheezy

Configuration

In general, it is necessary to create/edit key configuration points.

Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.

chroot /srv/chroot/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d

The ischroot command is buggy and does not detect that it is running in a chroot (685034). Several packages depend upon ischroot for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.

dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot

Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files.

  • Users defined in the chroot

/etc/passwd
/etc/groups
  • Settings network settings in the chroot

/etc/hosts
/etc/resolv.conf
  • Mounts filesystems from the underlying host (NOT in the chroot)

/etc/fstab

Mounting pseudo filesystems

/proc

  • Check the chrooted system the presence of /proc if the chroot is not likely to be fully operational. A priori, since version debootstrap Debian/Wheezy integrates natively mount /proc and /sys

proc on /proc type proc (rw)
sysfs on /sys sysfs kind (rw)

/dev/pts

  • It is also advisable to do a "bind" /dev/pts. This prevents error messages like Must be connected to a terminal or Can not access '/dev/pts/0': No such file or directory of this type with using the control screen.

In this case, the primary system, run the command:

mount --bind /dev/pts /srv/chroot/wheezy/dev/pts

Default Configurations

Generally the file /etc/fstab might look like this:

# grep chroot /etc/fstab
/dev /srv/chroot/wheezy/dev auto bind 0 0
/dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0
/proc /srv/chroot/wheezy/proc auto bind 0 0

Therefore mount on the primary system would be:

# mount | grep chroot
/dev on /srv/chroot/wheezy/dev -type none (rw, bind)
/dev/pts on /srv/chroot/wheezy/dev/pts kind none (rw, bind)
/proc on /srv/chroot/wheezy/proc type none (rw, bind)

Adding / removing packages

  • Eliminate unnecessary packages (all depends on the purpose of the chroot)

apt-get install deborphan

deborphan -a
  • And for example

apt-get remove --purge telnet manpages pppconfig ipchains ...

Complementary list svgalibg1 whiptail

  • Add a little comfort

apt-get install emacs23 local mc

Usage

Common examples of chroot usage:

  • Recompiling application in a context other than the machine that hosts the chroot (backport, cross-compiling, ...)

  • Update service production by tilting the old service (host machine) to the new (installed in the chroot)
  • Securing a service "chrooted" from the host machine (and vice versa)

Advanced Usage

The schroot package provides a convenient wrapper for allowing unprivileged users to have access to one or more chroot environments. schroot handles the chroot(2) call as well as dropping privileges inside the chroot and bind mounting resources into the chroot (like home directories, /dev, /proc).


ToDo - Clean up from French translation.