Tuesday, November 1, 2011

The power of "chroot"

chroot is a way of isolating applications from the rest of your computer, by putting them in a jail. This is particularly useful if you are testing an application which could potentially alter important system files, or which may be insecure.


Creating a chroot

This section provides instructions on creating a basic chroot. For more advanced chroots.
  1. Install the dchroot and debootstrap packages.
  2. As an administrator (i.e. using sudo), create a new directory for the chroot. In this procedure, the directory /var/chroot will be used. To do this, type sudo mkdir /var/chroot into a command line.
  3. As an administrator, open /etc/schroot/schroot.conf in a text editor. Type cd /etc/schroot, followed by gksu gedit schroot.conf. This will allow you to edit the file.
  4. Add the following lines into schroot.conf and then save and close the file. Replace your_username with your username.
    • [lucid]
      description=Ubuntu Lucid
      location=/var/chroot
      priority=3
      users=your_username
      groups=sbuild
      root-groups=root
  5. Open a terminal and type:
    • sudo debootstrap --variant=buildd --arch i386 lucid /var/chroot/ http://mirror.url.com/ubuntu/
    This will create a basic 'installation' of Ubuntu 10.04 (Lucid Lynx) in the chroot. It may take a while for the packages to be downloaded.
    Note: You can replace lucid with the Ubuntu version of your choice.
    Note: You must change the above mirror.url.com with the URL of a valid archive mirror local to you.
  6. A basic chroot should now have been created. Type sudo chroot /var/chroot to change to a root shell inside the chroot.

Setting-up the chroot

There are some basic steps you can take to set up the chroot, providing facilities such as DNS resolution and access to /proc.
Note: Type these commands in a shell which is outside the chroot.
  1. Type the following to mount the /proc filesystem in the chroot (required for managing processes):
    • sudo mount -o bind /proc /var/chroot/proc
  2. Type the following to allow DNS resolution from within the chroot (required for Internet access):
    • sudo cp /etc/resolv.conf /var/chroot/etc/resolv.conf
Very few packages are installed by default in a chroot (even sudo isn't installed). Use apt-get install package_name to install packages.
See Debootstrap Chroot and Installing Mandriva Linux in a Chroot for more advanced set-up instructions.
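As an added example (not code from the original post), the following POSIX shell helpers wrap the creation and set-up steps above: they print the schroot.conf stanza from step 4, bind-mount /proc only if it is not already mounted, copy resolv.conf, and refuse to delete the chroot while a bind mount is still inside it. They assume the chroot is at /var/chroot and read the mount table from /proc/mounts; both are overridable, and MOUNTS can point at a constructed file.

```shell
#!/bin/sh
# Added example, not code from the original post: helpers for the create and
# set-up steps above. Assumes CHROOT=/var/chroot and the mount table in
# /proc/mounts; both can be overridden (MOUNTS= to a constructed file for tests).
set -eu
CHROOT=${CHROOT:-/var/chroot}
MOUNTS=${MOUNTS:-/proc/mounts}

# Print the schroot.conf stanza from step 4: name, description, location, user.
schroot_stanza() {
    printf '[%s]\ndescription=%s\nlocation=%s\npriority=3\nusers=%s\ngroups=sbuild\nroot-groups=root\n' \
        "$1" "$2" "$3" "$4"
}

# Succeed if $1 is listed as a mount point. The kernel writes spaces in
# mount-point paths as \040, so paths are unescaped before comparing.
is_mounted() {
    awk -v t="${1%/}" '{ p = $2; gsub(/\\040/, " ", p); if (p == t) f = 1 }
                        END { exit !f }' "$MOUNTS"
}

# Succeed if anything is mounted below the chroot directory.
has_mounts_under_chroot() {
    awk -v c="$CHROOT/" '{ p = $2; gsub(/\\040/, " ", p); if (index(p, c) == 1) f = 1 }
                         END { exit !f }' "$MOUNTS"
}

# Set-up step 1, made idempotent: a second "mount -o bind" stacks another
# mount on top, and a later unmount only removes the topmost one.
mount_proc() {
    if is_mounted "$CHROOT/proc"; then
        echo "$CHROOT/proc is already mounted"
    else
        sudo mount -o bind /proc "$CHROOT/proc"
    fi
}

# Set-up step 2: give the chroot the host's resolver configuration.
copy_resolv() { sudo cp /etc/resolv.conf "$CHROOT/etc/resolv.conf"; }

# Deleting the chroot: refuse while anything is still mounted inside it, or
# rm -rf would descend into the bound host tree (/proc here).
remove_chroot() {
    if has_mounts_under_chroot; then
        echo "refusing to delete $CHROOT: filesystems still mounted under it" >&2
        return 1
    fi
    sudo rm -rf "$CHROOT"
}
# Usage: source this file, then run mount_proc; copy_resolv (or remove_chroot to tear down).
```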

Accessing graphical applications inside the chroot

You can run graphical applications within a chroot, but you need to provide an X server for them to run in first. The easiest way to do this is to set the display of the chroot system to be identical to the root display of your system's main X server.
In other words, in the chroot shell type
export DISPLAY=:0.0

Any X command you type will now get its own window as usual, but because it is running inside the chroot jail it cannot see your normal file system. It does, however, share your X server with your other applications, so it is not isolated at the display level; the Xnest method below gives the chroot its own display.
You don't have to enter the chroot shell to access its commands. Suppose you want to run Firefox in a chroot jail in order to avoid security problems with signed Java applets and other components which otherwise would have access to your personal files. You can do this by running the command
gksudo chroot /var/chroot firefox -DISPLAY=:0.0

This command can also be invoked from the menu, or from a panel applet or desktop shortcut. Note that the application then runs as root inside the jail; chroot on its own does not confine a root process, so this keeps the application away from your personal files rather than from the system as a whole.
If you want the chroot to have its own display, you need to create this display with the Xnest command. Perform the following instructions outside the chroot:
  1. Install the xhost and xnest packages.
  2. Ensure that /proc is mounted and DNS resolution is set up within the chroot (see above).
  3. Type the following into a Terminal:
    • Xnest -ac :1
    A blank Xnest window should appear.
  4. Open another Terminal and type the following to enter the chroot:
    • sudo chroot /var/chroot
  5. While in the chroot shell, type the following:
    • export DISPLAY=localhost:1
      If you have problems starting graphical applications, type the above command again, but replace localhost with 127.0.0.1
  6. Start a window manager inside the chroot. For example, install the metacity package and type:
    • metacity &
  7. Start a graphical application inside the chroot (making sure that you installed it in the chroot first). It should appear in the Xnest window.
You can install a complete Ubuntu desktop in the chroot by installing the ubuntu-desktop package. GNOME can be started from the command line by running the gnome-session command.
