Basic chroot in Ubuntu
A chroot is a way of isolating applications from the rest of your computer, by putting them in a jail. This is particularly useful if you are testing an application which could potentially alter important system files, or which may be insecure.
- Isolating insecure and unstable applications
- Running 32-bit applications on 64-bit systems
- Testing new packages before installing them on the production system
- Running older versions of applications on more modern versions of Ubuntu
- Building new packages, allowing careful control over the dependency packages which are installed
- Install the dchroot and debootstrap packages.
- As an administrator (i.e. using sudo), create a new directory for the chroot. In this procedure, the directory /var/chroot will be used. To do this, type sudo mkdir /var/chroot into a command line.
- As an administrator, open /etc/schroot/schroot.conf in a text editor. Type cd /etc/schroot, followed by gksu gedit schroot.conf. This will allow you to edit the file.
Add the following lines into schroot.conf and then save and close the file. Replace your_username with your username.
[lucid]
description=Ubuntu Lucid
location=/var/chroot
priority=3
users=your_username
groups=sbuild
root-groups=root
- Open a terminal and type:
sudo debootstrap --variant=buildd --arch i386 lucid /var/chroot/ http://mirror.url.com/ubuntu/
Note: You can replace lucid with the Ubuntu version of your choice.
Note: You must replace mirror.url.com above with the URL of a valid archive mirror local to you.
- A basic chroot should now have been created. Type sudo chroot /var/chroot to change to a root shell inside the chroot.
Type the following to mount the /proc filesystem in the chroot (required for managing processes):
sudo mount -o bind /proc /var/chroot/proc
- Type the following to allow DNS resolution from within the chroot (required for Internet access):
sudo cp /etc/resolv.conf /var/chroot/etc/resolv.conf
gksudo chroot /var/chroot firefox -DISPLAY=:0.0
- Install the xhost and xnest packages.
- Ensure that /proc is mounted and DNS resolution is set up within the chroot (see above).
- Type the following into a Terminal:
Xnest -ac :1
- Open another Terminal and type the following to enter the chroot:
sudo chroot /var/chroot
- While in the chroot shell, type the following:
export DISPLAY=localhost:1
If you have problems starting graphical applications, type the above command again, but replace localhost with 127.0.0.1.
Start a window manager inside the chroot. For example, install the metacity package and type:
- Start a graphical application inside the chroot (making sure that you installed it in the chroot first). It should appear in the Xnest window.
With schroot, all automatically created bind mounts are removed on exit, which minimizes the risk of accidentally erasing the entire /home (an often-reported mishap). (It seems people either forget or do not comprehend the bi-directional nature of mount --bind.)
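
For a chroot entered with plain chroot rather than schroot, the bind mounts stay in place until they are unmounted, so a check before deleting /var/chroot is worth having. The script below is an added example, not part of the original page: the function names mounts_under and safe_to_remove are hypothetical, and the mount table it runs against is a constructed sample in /proc/mounts format.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
proc /var/chroot/proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 /var/chroot/home ext4 rw,relatime 0 0
/dev/sdb1 /var/chroot-old/data ext4 rw,relatime 0 0
EOF
}

# Print every mount point at or below the chroot directory.
# $1 = chroot directory, $2 = mounts file (defaults to /proc/mounts).
mounts_under() {
    chroot_dir=${1%/}                    # tolerate one trailing slash
    CHROOT_DIR="$chroot_dir" awk '
        BEGIN { root = ENVIRON["CHROOT_DIR"] }
        {
            mp = $2                      # field 2 is the mount point
            gsub(/\\040/, " ", mp)       # the kernel writes spaces as \040
            # Match the directory itself or a path below it; the "/" keeps
            # /var/chroot-old from being mistaken for /var/chroot.
            if (mp == root || index(mp, root "/") == 1) print mp
        }' "${2:-/proc/mounts}"
}

# Return 0 only when nothing is mounted under the chroot, so that a later
# "rm -rf" cannot follow a bind mount into the host's /proc or /home.
safe_to_remove() {
    found=$(mounts_under "$1" "$2")
    if [ -n "$found" ]; then
        echo "refusing to remove $1, still mounted:" >&2
        echo "$found" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Demo against the constructed sample.
tmp=$(mktemp)
sample_mounts > "$tmp"
safe_to_remove /var/chroot "$tmp" || echo "unmount these before deleting /var/chroot"
rm -f "$tmp"
```

On a live system, call safe_to_remove /var/chroot with no second argument to read /proc/mounts, and unmount each listed path with sudo umount before removing the directory.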