Size: 429
Comment:
|
Size: 4154
Comment: Revert to #43; thanks Bob Proulx for clarification!
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## Auto-converted by kwiki2moinmoin v2005-10-07 All chroot does is, for all child processes, replace the root directory on a unix system with one of the operators' choosing. |
#language en ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/chroot|Deutsch]] - English - [[fr/Chroot|Français]] - [[it/chroot|Italiano]] - [[es/chroot|Español]] -~ ---- '''chroot''' on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.''([[WikiPedia: en: chroot | Read more ...]])'' |
Line 4: | Line 6: |
Refer to ["Debootstrap"] for information on setting up another complete Debian install inside a chroot | <<TableOfContents(3)>> == Basic Installation == Building a "chroot" is very easy in Debian. |
Line 6: | Line 10: |
See Also: | You will need: * Install the required packages {{{ apt-get install binutils debootstrap }}} |
Line 8: | Line 16: |
* http://en.wikipedia.org/wiki/Chroot * http://www.gnu.org/software/coreutils/manual/html_chapter/coreutils_22.html#["SEC145"] |
* Choose a location {{{ mkdir -p /srv/chroot/wheezy }}} * Build the chroot {{{ debootstrap --arch i386 wheezy /srv/chroot/wheezy http://http.debian.net/debian }}} * To enter: {{{ chroot /srv/chroot/wheezy }}} == Configuration == In general, it is necessary to create/edit key configuration points. Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot. {{{ chroot /srv/chroot/wheezy cat > ./usr/sbin/policy-rc.d <<EOF #!/bin/sh exit 101 EOF chmod a+x ./usr/sbin/policy-rc.d }}} The {{{ischroot}}} command is buggy and does not detect that it is running in a chroot (DebianBug:685034). Several packages depend upon {{{ischroot}}} for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command. {{{ dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot ln -s /bin/true /usr/bin/ischroot }}} Configuring a chroot is relatively static and very specific, it may be possible to dispense with the command "top-level" and directly edit files. * Users defined in the chroot {{{ /etc/passwd /etc/groups }}} * Settings network settings in the chroot {{{ /etc/hosts /etc/resolv.conf }}} * Mounts filesystems from the underlying host (NOT in the chroot) {{{ /etc/fstab }}} == Mounting pseudo filesystems == === /proc === * Check the chrooted system the presence of /proc if the chroot is not likely to be fully operational. A priori, since version debootstrap Debian/Wheezy integrates natively mount /proc and /sys {{{ proc on /proc type proc (rw) sysfs on /sys sysfs kind (rw) }}} === /dev/pts === * It is also advisable to do a "bind" /dev/pts. This prevents error messages like {{{Must be connected to a terminal}}} or {{{Can not access '/dev/pts/0': No such file or directory of this type}}} with using the control [[DebianPkg:screen]]. 
In this case, the primary system, run the command: {{{ mount --bind /dev/pts /srv/chroot/wheezy/dev/pts }}} === Default Configurations === Generally the file {{{/etc/fstab}}} might look like this: {{{ # grep chroot /etc/fstab /dev /srv/chroot/wheezy/dev auto bind 0 0 /dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0 /proc /srv/chroot/wheezy/proc auto bind 0 0 }}} Therefore mount on the primary system would be: {{{ # mount | grep chroot /dev on /srv/chroot/wheezy/dev -type none (rw, bind) /dev/pts on /srv/chroot/wheezy/dev/pts kind none (rw, bind) /proc on /srv/chroot/wheezy/proc type none (rw, bind) }}} == Adding / removing packages == * Eliminate unnecessary packages (all depends on the purpose of the chroot) {{{ apt-get install deborphan }}} {{{ deborphan -a }}} * And for example {{{ apt-get remove --purge telnet manpages pppconfig ipchains ... }}} '' Complementary'' list svgalibg1 whiptail * Add a little comfort {{{ apt-get install emacs23 local mc }}} == Usage == Common examples of chroot usage: * Recompiling application in a context other than the machine that hosts the chroot ([[Backports | backport]], cross-compiling, ...) * Update service production by tilting the old service (host machine) to the new (installed in the chroot) * Securing a service "chrooted" from the host machine (and vice versa) ---- ToDo - Clean up from French translation. CategorySystemAdministration |
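Review bot: in the added Configuration section the users list names `/etc/groups`, but the file is `/etc/group`. The sample mount output reads `sysfs on /sys sysfs kind (rw)` and `-type none (rw, bind)`, where mount prints `type`; these look like leftovers from the French translation and should be corrected before the ToDo is closed. `apt-get install emacs23 local mc` names a package `local`, which may be a mistranslation of `locales`; please confirm. The ischroot workaround diverts a packaged binary to a symlink to /bin/true, so the text should also say how to remove the diversion once DebianBug:685034 is fixed.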
chroot on Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children.
Basic Installation
Building a "chroot" is very easy in Debian.
You will need:
- Install the required packages
apt-get install binutils debootstrap
- Choose a location
mkdir -p /srv/chroot/wheezy
- Build the chroot
debootstrap --arch i386 wheezy /srv/chroot/wheezy http://http.debian.net/debian
- To enter:
chroot /srv/chroot/wheezy
Configuration
In general, a few key configuration files must be created or edited.
Create a /usr/sbin/policy-rc.d file IN THE CHROOT so that dpkg won't start daemons unless desired. This example prevents all daemons from being started in the chroot.
chroot /srv/chroot/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
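The deny-all file above covers the common case. As an added example (not part of the original page), the following policy-rc.d variant allows only an allowlist of init scripts to be started; the service names in ALLOWED_SERVICES and the choice to always permit stop actions are assumptions for illustration.

```shell
#!/bin/sh
# Added example: /usr/sbin/policy-rc.d with an allowlist (install it IN THE CHROOT).
# invoke-rc.d calls it as: policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# Exit status 0 = action allowed, 101 = action forbidden by policy.

# Hypothetical allowlist: only these init scripts may be started in the chroot.
ALLOWED_SERVICES="ssh cron"

policy_decide() {
    # $1 = initscript ID, $2 = requested actions (space-separated, one parameter)
    service=$1
    actions=$2
    for action in $actions; do
        case "$action" in
            stop|force-stop) continue ;;  # assumption: stopping is always permitted
        esac
        case " $ALLOWED_SERVICES " in
            *" $service "*) ;;            # allowlisted: start/restart permitted
            *) return 101 ;;              # everything else stays down
        esac
    done
    return 0
}

# Act as the real policy hook only when installed under the name policy-rc.d.
case "${0##*/}" in
    policy-rc.d)
        # Skip leading options such as --quiet.
        while [ $# -gt 0 ]; do
            case "$1" in
                --*) shift ;;
                *) break ;;
            esac
        done
        [ $# -ge 2 ] || exit 103          # 103 = syntax error
        policy_decide "$1" "$2"
        exit $?
        ;;
esac
```

An empty ALLOWED_SERVICES gives the same result as the deny-all file for every start or restart request.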
The ischroot command is buggy and does not detect that it is running in a chroot (Debian bug 685034). Several packages depend upon ischroot for determining correct behavior in a chroot and will operate incorrectly during upgrades if it is not fixed. The easiest way to fix it is to replace ischroot with the /bin/true command.
dpkg-divert --divert /usr/bin/ischroot.debianutils --rename /usr/bin/ischroot
ln -s /bin/true /usr/bin/ischroot
Because the configuration of a chroot is relatively static and very specific, it may be possible to dispense with the high-level configuration commands and edit the files directly.
- Users defined in the chroot
/etc/passwd
/etc/group
- Network settings in the chroot
/etc/hosts
/etc/resolv.conf
- Filesystems mounted from the underlying host (this file is on the host, NOT in the chroot)
/etc/fstab
Mounting pseudo filesystems
/proc
- Check that /proc is present in the chrooted system; without it the chroot is unlikely to be fully operational. In principle, since the Debian Wheezy version, debootstrap mounts /proc and /sys natively
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
/dev/pts
- It is also advisable to bind-mount /dev/pts. This prevents error messages like "Must be connected to a terminal" or "Can not access '/dev/pts/0': No such file or directory of this type" when using the screen command.
In this case, on the primary system, run the command:
mount --bind /dev/pts /srv/chroot/wheezy/dev/pts
Default Configurations
Generally the file /etc/fstab might look like this:
# grep chroot /etc/fstab
/dev /srv/chroot/wheezy/dev auto bind 0 0
/dev/pts /srv/chroot/wheezy/dev/pts auto bind 0 0
/proc /srv/chroot/wheezy/proc auto bind 0 0
The output of mount on the primary system would therefore be:
# mount | grep chroot
/dev on /srv/chroot/wheezy/dev type none (rw,bind)
/dev/pts on /srv/chroot/wheezy/dev/pts type none (rw,bind)
/proc on /srv/chroot/wheezy/proc type none (rw,bind)
Adding / removing packages
- Eliminate unnecessary packages (all depends on the purpose of the chroot)
apt-get install deborphan
deborphan -a
- And for example
apt-get remove --purge telnet manpages pppconfig ipchains ...
Complementary list: svgalibg1 whiptail
- Add a little comfort
apt-get install emacs23 local mc
Usage
Common examples of chroot usage:
- Recompiling an application in an environment other than that of the machine hosting the chroot (backport, cross-compiling, ...)
- Upgrading a production service by switching over from the old service (on the host machine) to the new one (installed in the chroot)
- Securing a "chrooted" service from the host machine (and vice versa)
ToDo - Clean up from French translation.