-
Notifications
You must be signed in to change notification settings - Fork 124
Create a chrooted environment
#Chroot environment
A chroot is a way of isolating applications from the rest of your computer, by putting them in a jail. This is particularly useful if you are testing an application which could potentially alter important system files, or which may be insecure. A chroot is basically a special directory on your computer which prevents applications, if run from inside that directory, from accessing files outside the directory. In many ways, a chroot is like installing another operating system inside your existing operating system. The following are some possible uses of chroots:
- Isolating insecure and unstable applications
- Running 32-bit applications on 64-bit systems
- Testing new packages before installing them on the production system
- Running older versions of applications on more modern versions of Ubuntu
- Building new packages, allowing careful control over the dependency packages which are installed
This manual will follow the steps specified in the official page of Ubuntu. And the system we will install as tutorial is Ubuntu 14.04 Trusty amd64.
##Creating a chroot
-
First of all we need to install the tools to make a chroot in out system.
sudo apt-get install debootstrap schroot -
Create a folder where the chroot is going to be installed. We will put the chroot up in /var/chroot/trusty_x64
sudo mkdir -p /var/chroot/trusty_x64 -
Create a configuration file for schroot. For our example, we will create a file named trusty_x64.conf in /etc/schroot/chroot.d/
sudo nano /etc/schroot/chroot.d/trusty_x64.confAnd write the following inside:
[trusty_x64] description=Ubuntu trusty 14.04 for amd64 directory=/var/chroot/trusty_x64 root-users=testuser type=directory users=testuser
-
The first line is the name of the chroot thatis going to be created.
-
description is a short description of the chroot.
-
directory the path where the chroot is going to be installed. Note that is the same path that we specified in step 2.
-
root-users list of users that are allowed in our chroot without password.
-
type The type of the chroot. Valid types are ‘plain’, ‘directory’, ‘file’, ‘block-device’ and ‘lvm-snapshot’. If empty or omitted, the default type is ‘plain’.
-
users list of users that are allowed access to the chroot.
see schroot.config for further information.
-
Run Debootstrap. This step will download and unpack a basic ubuntu or debian system to the chroot directory we created in step 2.
sudo debootstrap --variant=buildd --arch amd64 trusty /var/chroot/trusty_x64 http://mirror.hmc.edu/ubuntuIn our example, we are creating a chroot of an Ubuntu 14.04 64-bit distribution, but this command allows some different commands that can satisfy our needs, for instance, if we want to install the same distribution but the 32-bit version, we have to type:
sudo debootstrap --variant=buildd --arch i386 trusty /var/chroot/trusty http://mirror.hmc.edu/ubuntuNote that we have to do the proper changes creating a different schroot configuration file (i.e. /etc/schroot/chroot.d/trusty) and a different folder for the new chroot (i.e. /var/chroot/trusty)
If we want to create a chroot for a Debian version (i.e. Debian Wheezy (stable)) we have to type:
sudo debootstrap --variant=buildd --arch amd64 wheezy /var/chroot/wheezy_x64 http://ftp.debian.org/debian -
Checking the chroot. To be sure that everything went ok, we can type the following command, that will list all the available chroot enviroments in out system.
schroot -lIf trusty_x64 appears, we can start working in our chrooted environment typing:
schroot -c trusty_x64 -u rootThe prompt of the chrooted environment should be like:
(trusty_x64)root@ordago:~#NOTE For convenience, the default schroot configuration rebinds the /home directory on the host system so that it appears in the chroot system. This could be unexpected because it means that you can accidentally delete or otherwise damage things in /home on the host system. To change this behaviour we can run the following command in the host system:
sudo nano /etc/schroot/default/fstabAnd comment the /home line:
# fstab: static file system information for chroots.
# Note that the mount point will be prefixed by the chroot path
# (CHROOT_PATH)
#
# <file system> <mount point> <type> <options> <dump> <pass>
/proc /proc none rw,bind 0 0
/sys /sys none rw,bind 0 0
/dev /dev none rw,bind 0 0
/dev/pts /dev/pts none rw,bind 0 0
#/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
Finally, to ensure you have a good DNS configuration, you may want to copy the resolv.conf file from the host system to your chroot environment
sudo cp /etc/resolv.conf /var/chroot/trusty_x64/etc/resolv.conf
And that's it! Now we have a whole very basic system in which we can test out programs and libraries.
##Extra configuration
Inside your chroot environment (not host system):
- Install the bash-completion program
sudo apt-get install bash-completion
sudo apt-get update
- uncomment completion section from
/etc/bash.bashrc
# enable bash completion in interactive shells
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
- comment out completion section from
~/.bashrc
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi
- Install the
xhostandxnestpackages.
Ensure that /proc is mounted and DNS resolution is set-up within the chroot (see above).
- In the host system type the following into a Terminal:
Xnest -ac :1
(A blank Xnest window should appear).
- While in the chroot shell, type the following:
export DISPLAY=localhost:1
'''NOTE: If you have problems starting graphical applications, type the above command again, but replace localhost with 127.0.0.1 '''
Start a window manager inside the chroot. For example, install the metacity (sudo apt-get install metacity) package and type:
metacity &
Another alternative (more usable) is to share the graphics of the host with the chrooted environment. To do that, you only have to:
- In the host type:
xauth list
It will show a cookie like juego/unix:0 MIT-MAGIC-COOKIE-1 36390bfe2372845abd60291d2e3e42c4 Copy that.
- In the chroot add the cookie to xauth:
xauth add juego/unix:0 MIT-MAGIC-COOKIE-1 36390bfe2372845abd60291d2e3e42c4
- And export the display variable:
export DISPLAY=:0
An that's it, now you can run graphical applications like xcalc in your chroot!
Start a graphical application inside the chroot (like gedit - making sure that you installed it in the chroot first -). It should appear in the Xnest window.
##Troubleshooting
- If you get locale warnings in the chroot like "Locale not supported by C library." or "perl: warning: Setting locale failed.", then try one or more of these commands:
sudo dpkg-reconfigure locales
sudo apt-get install language-pack-en
sudo locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales
if the problem persist check out this page.
-
To get access to the intertet within the chroot, you have to type:
sudo cp /etc/resolv.conf /var/chroot/trusty_x64/etc/resolv.conf -
You might want to have the proper sources.list in order to be able to install packages from Ubuntu official repositories like universe or multiverse, and the security updates. If you make a chroot installation, the sources.list will be the most basic one, like:
deb http://archive.ubuntu.com/ubuntu trusty mainYou can generate a more complete sources.list file in this pages Ubuntu and Debian
##External Links