Differences between revisions 3 and 43 (spanning 40 versions)
Revision 3 as of 2006-04-26 21:16:06
Size: 427
Editor: MikeOConnor
Comment:
Revision 43 as of 2013-10-03 09:27:00
Size: 4154
Editor: ?KonstantinDemin
Comment: Provide a better way to substitute /usr/bin/ischroot with /bin/true rather than overwriting
Line 1: Line 1:
## Auto-converted by kwiki2moinmoin v2005-10-07
All chroot does is, for all child processes, replace the root directory on a unix system with one of the operators' choosing.
#language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/chroot|Deutsch]] - English - [[fr/Chroot|Français]] - [[it/chroot|Italiano]] - [[es/chroot|Español]] -~
----
'''chroot''' on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.''([[WikiPedia: en: chroot | Read more ...]])''
Line 4: Line 6:
Refer to [Debootstrap] for information on setting up another complete Debian install inside a chroot <<TableOfContents(3)>>
== Basic Installation ==
Building a "chroot" is very easy in Debian.
Line 6: Line 10:
See Also: You will need:
 * Install the required packages
{{{
apt-get install binutils debootstrap
}}}
Line 8: Line 16:
 * http://en.wikipedia.org/wiki/Chroot
 * http://www.gnu.org/software/coreutils/manual/html_chapter/coreutils_22.html#["SEC145"]
 * Choose a location
{{{
mkdir -p /srv/chroot/wheezy
}}}

 * Build the chroot
{{{
debootstrap --arch i386 wheezy /srv/chroot/wheezy http://http.debian.net/debian
}}}

 * To enter:
{{{
chroot /srv/chroot/wheezy
}}}

== Configuration ==

In general, it is necessary to create/edit key configuration points.

Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.

{{{
chroot /srv/chroot/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
}}}

The {{{ischroot}}} command is buggy and does not detect that it is running in a chroot (DebianBug:685034). Several packages depend upon {{{ischroot}}} for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.

{{{
dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot
}}}

Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files.

 * Users defined in the chroot
{{{
/etc/passwd
/etc/groups
}}}

 * Settings network settings in the chroot
{{{
/etc/hosts
/etc/resolv.conf
}}}

 * Mounts filesystems from the underlying host (NOT in the chroot)
{{{
/etc/fstab
}}}

== Mounting pseudo filesystems ==

=== /proc ===
 * Check the chrooted system the presence of /proc if the chroot is not likely to be fully operational. A priori, since version debootstrap Debian/Wheezy integrates natively mount /proc and /sys
{{{
proc on /proc type proc (rw)
sysfs on /sys sysfs kind (rw)
}}}

=== /dev/pts ===

 * It is also advisable to do a "bind" /dev/pts. This prevents error messages like {{{Must be connected to a terminal}}} or {{{Can not access '/dev/pts/0': No such file or directory of this type}}} with using the control [[DebianPkg:screen]].

In this case, the primary system, run the command:
{{{
mount --bind /dev/pts /srv/chroot/wheezy/dev/pts
}}}

=== Default Configurations ===

Generally the file {{{/etc/fstab}}} might look like this:

{{{
# grep chroot /etc/fstab
/dev /srv/chroot/wheezy/dev auto bind 0 0
/dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0
/proc /srv/chroot/wheezy/proc auto bind 0 0
}}}

Therefore mount on the primary system would be:
{{{
# mount | grep chroot
/dev on /srv/chroot/wheezy/dev -type none (rw, bind)
/dev/pts on /srv/chroot/wheezy/dev/pts kind none (rw, bind)
/proc on /srv/chroot/wheezy/proc type none (rw, bind)
}}}

== Adding / removing packages ==

 * Eliminate unnecessary packages (all depends on the purpose of the chroot)
{{{
apt-get install deborphan
}}}
{{{
deborphan -a
}}}

 * And for example
{{{
apt-get remove --purge telnet manpages pppconfig ipchains ...
}}}

'' Complementary'' list svgalibg1 whiptail

 * Add a little comfort
{{{
apt-get install emacs23 local mc
}}}

== Usage ==
Common examples of chroot usage:

 * Recompiling application in a context other than the machine that hosts the chroot ([[Backports | backport]], cross-compiling, ...)

 * Update service production by tilting the old service (host machine) to the new (installed in the chroot)

 * Securing a service "chrooted" from the host machine (and vice versa)

----
ToDo - Clean up from French translation.

 CategorySystemAdministration
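Review bot: The ischroot replacement in the Configuration section (`dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot` followed by `ln -s /bin/true /usr/bin/ischroot`) does not say where it is run. Unlike the policy-rc.d block it has no leading `chroot /srv/chroot/wheezy` line, and on the host the same two commands would make the host's own ischroot report a chroot unconditionally; state that they are run inside the chroot. In the same hunk, `/etc/groups` should read `/etc/group`, and the sample mount output (`sysfs on /sys sysfs kind (rw)`, `-type none`, `kind none`) still carries translation artifacts where `type` is meant. The fstab example binds the host's /dev and /proc into the chroot, which deserves a sentence next to the "Securing a service" usage bullet, since a chroot with those mounts sees the host's devices and process table.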



chroot on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.

Basic Installation

Building a "chroot" is very easy in Debian.

You will need to:

  • Install the required packages

apt-get install binutils debootstrap
  • Choose a location

mkdir -p /srv/chroot/wheezy
  • Build the chroot

debootstrap --arch i386 wheezy /srv/chroot/wheezy http://http.debian.net/debian
  • To enter:

chroot /srv/chroot/wheezy

Configuration

In general, a few key configuration files need to be created or edited.

Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.

chroot /srv/chroot/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d

The ischroot command is buggy and does not detect that it is running in a chroot (Debian bug 685034). Several packages depend upon ischroot for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.

dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot

Because the configuration of a chroot is relatively static and very specific, it may be possible to dispense with the "top-level" commands and edit the files directly.

  • Users defined in the chroot

/etc/passwd
/etc/group
  • Network settings in the chroot

/etc/hosts
/etc/resolv.conf
  • Filesystems mounted from the underlying host (NOT in the chroot)

/etc/fstab

Mounting pseudo filesystems

/proc

  • Check that /proc is present in the chrooted system; without it the chroot is unlikely to be fully operational. In principle, debootstrap as of Debian Wheezy mounts /proc and /sys natively:

proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)

/dev/pts

  • It is also advisable to bind-mount /dev/pts. This prevents error messages such as "Must be connected to a terminal" or "Cannot access '/dev/pts/0': No such file or directory" when using the screen command.

In this case, run the following command on the primary system:

mount --bind /dev/pts /srv/chroot/wheezy/dev/pts

Default Configurations

Generally the file /etc/fstab might look like this:

# grep chroot /etc/fstab
/dev /srv/chroot/wheezy/dev auto bind 0 0
/dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0
/proc /srv/chroot/wheezy/proc auto bind 0 0

The mount output on the primary system would then be:

# mount | grep chroot
/dev on /srv/chroot/wheezy/dev type none (rw,bind)
/dev/pts on /srv/chroot/wheezy/dev/pts type none (rw,bind)
/proc on /srv/chroot/wheezy/proc type none (rw,bind)
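
The following check is an added example, not part of the original wiki page or of Debian's tooling: it verifies that a chroot tree carries the policy-rc.d and ischroot settings from the Configuration section and that an fstab file holds the bind entries shown above. The function name audit_chroot and the throwaway tree built in demo are constructed for illustration.

```shell
#!/bin/sh
# audit_chroot ROOT [FSTAB]: report deviations from the setup described above.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
audit_chroot() {
    root=${1%/}; fstab=${2:-/etc/fstab}; bad=0
    problem() { echo "PROBLEM: $*"; bad=1; }

    # 1. policy-rc.d must exist, be executable and exit 101 (deny daemon starts).
    p="$root/usr/sbin/policy-rc.d"
    if [ ! -x "$p" ]; then
        problem "$p missing or not executable"
    elif ! grep -qx 'exit 101' "$p"; then
        problem "$p does not contain 'exit 101'"
    fi

    # 2. ischroot must be diverted and replaced by a symlink to /bin/true.
    i="$root/usr/bin/ischroot"
    if [ "$(readlink "$i" 2>/dev/null)" != /bin/true ]; then
        problem "$i is not a symlink to /bin/true"
    fi
    [ -e "$i.debianutils" ] || problem "$i.debianutils (diverted original) missing"

    # 3. The host fstab must bind /dev, /dev/pts and /proc into the chroot.
    for src in /dev /dev/pts /proc; do
        awk -v s="$src" -v t="$root$src" \
            '$1 == s && $2 == t && $4 ~ /(^|,)bind(,|$)/ { ok = 1 } END { exit !ok }' \
            "$fstab" 2>/dev/null || problem "no bind entry for $src in $fstab"
    done
    return "$bad"
}

# Constructed demo: a throwaway tree that mimics the configured chroot.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/sbin" "$d/usr/bin"
    printf '#!/bin/sh\nexit 101\n' > "$d/usr/sbin/policy-rc.d"
    chmod a+x "$d/usr/sbin/policy-rc.d"
    : > "$d/usr/bin/ischroot.debianutils"
    ln -s /bin/true "$d/usr/bin/ischroot"
    for m in /dev /dev/pts /proc; do echo "$m $d$m auto bind 0 0"; done > "$d/fstab"
    audit_chroot "$d" "$d/fstab" && echo "OK: $d matches the documented setup"
    rm -rf "$d"
}
demo
```

Against a real chroot, call it from the host as audit_chroot /srv/chroot/wheezy; the second argument defaults to the host's /etc/fstab.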

Adding / removing packages

  • Remove unnecessary packages (which ones depends on the purpose of the chroot)

apt-get install deborphan

deborphan -a
  • For example:

apt-get remove --purge telnet manpages pppconfig ipchains ...

Further candidates: svgalibg1 whiptail

  • Add a little comfort

apt-get install emacs23 local mc

Usage

Common examples of chroot usage:

  • Recompiling an application in an environment other than that of the machine hosting the chroot (backport, cross-compiling, ...)

  • Upgrading a production service by switching over from the old service (on the host machine) to the new one (installed in the chroot)
  • Securing a "chrooted" service from the host machine (and vice versa)


ToDo - Clean up from French translation.