特殊:Badtitle/NS100:BasicChroot

来自Ubuntu中文
Wikibot留言 | 贡献2010年5月19日 (三) 21:40的版本
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)
跳到导航跳到搜索

{{#ifexist: :BasicChroot/zh | | {{#ifexist: BasicChroot/zh | | {{#ifeq: {{#titleparts:BasicChroot|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:BasicChroot|1|-1|}} | zh | | }}

  1. title Creating a basic chroot

A chroot is a way of isolating applications from the rest of your computer, by putting them in a jail. This is particularly useful if you are testing an application which could potentially alter important system files, or which may be insecure. This document explains the basic concepts surrounding the use of a chroot and provides instructions for getting a basic chroot up and running.

Basic Concepts

A chroot is basically a special directory on your computer which prevents applications, if run from inside that directory, from accessing files outside the directory. In many ways, a chroot is like installing another operating system inside your existing operating system. Technically-speaking, chroot temporarily changes the root directory (which is normally /) to the chroot directory (for example, /var/chroot). As the root directory is the top of the filesystem hierarchy, applications are unable to access directories higher up than the root directory, and so are isolated from the rest of the system. This prevents applications inside the chroot from interfering with files elsewhere on your computer. Note that it is possible for software from outside the chroot to access files inside the chroot. See Wikipedia - chroot for more information.

Uses of chroots

The following are some possible uses of chroots:

  • Isolating insecure and unstable applications
  • Running 32-bit applications on 64-bit systems
  • Testing new packages before installing them on the production system
  • Running older versions of applications on more modern versions of Ubuntu
  • Building new packages, allowing careful control over the dependency packages which are installed

Creating a chroot

This section provides instructions on creating a basic chroot. For more advanced chroots, see Debootstrap Chroot.

  1. Install the dchroot and debootstrap packages.
  2. As an administrator (i.e. using sudo), create a new directory for the chroot. In this procedure, the directory /var/chroot will be used. To do this, type sudo mkdir /var/chroot into a command line.
  3. As an administrator, open /etc/schroot/schroot.conf in a text editor. Type cd /etc/schroot, followed by gksu gedit schroot.conf. This will allow you to edit the file.
  4. Add the following lines into schroot.conf and then save and close the file. Replace your_username with your username.
[gutsy]
description=Ubuntu Gutsy
location=/var/chroot
priority=3
users=your_username
groups=sbuild
root-groups=root
  1. Open a terminal and type:
sudo debootstrap --variant=buildd --arch i386 gutsy /var/chroot/ http://archive.ubuntu.com/ubuntu/

This will create a basic 'installation' of Ubuntu 7.10 (Gutsy Gibbon) in the chroot. It may take a while for the packages to be downloaded. Note: You can replace gutsy with the Ubuntu version of your choice. 1.#6 A basic chroot should now have been created. Type sudo chroot /var/chroot to change to a root shell inside the chroot.

Setting-up the chroot

There are some basic steps you can take to set-up the chroot, providing facilities such as DNS resolution and access to /proc. Note: Type these commands in a shell which is outside the chroot.

  1. Type the following to mount the /proc filesystem in the chroot (required for managing processes):
sudo mount -o bind /proc /var/chroot/proc
  1. Type the following to allow DNS resolution from within the chroot (required for Internet access):
sudo cp /etc/resolv.conf /var/chroot/etc/resolv.conf

Very few packages are installed by default in a chroot (even sudo isn't installed). Use apt-get install package_name to install packages. See Debootstrap Chroot and Installing Mandriva Linux in a Chroot for more advanced set-up instructions.

Accessing graphical applications inside the chroot

You can run graphical applications within a chroot, but you need to provide an X server for them to run in first. Perform the following instructions outside the chroot:

  1. Install the xhost and xnest packages.
  2. Ensure that /proc is mounted and DNS resolution is set-up within the chroot (see above).
  3. Type the following into a Terminal:
Xnest -ac :1

A blank Xnest window should appear. 1.#4 Open another Terminal and type the following to enter the chroot:

sudo chroot /var/chroot
  1. While in the chroot shell, type the following:
export DISPLAY=localhost:1

If you have problems starting graphical applications, type the above command again, but replace localhost with 127.0.0.1

  1. Start a window manager inside the chroot. For example, install the metacity package and type:
metacity &
  1. Start a graphical application inside the chroot (making sure that you installed it in the chroot first). It should appear in the Xnest window.

You can install a complete Ubuntu desktop in the chroot by installing the ubuntu-desktop package. GNOME can be started from the command line by running the gnome-session command. This section uses parts of the article Installing Mandriva Linux in a Chroot, which is distributed under the CC-BY-SA 2.5 license.

References and further information

  1. Wikipedia - chroot
  2. Installing Mandriva Linux in a Chroot
  3. Debootstrap Chroot

Notes

It seems to advise installing and using schroot in lieu of dchroot would be more consistent. Additionally, (I don't have a reference at my fingertips) my memory is dchroot is being deprecated with schroot taking its place? If there is agreement on using schroot, then in lieu of sudo chroot /var/chroot, use sudo schroot -c gutsy -d and this will still keep things basic by using schroot defaults. In addition, by using schroot then all binds are engaged and removed automatically at chroot enter and exit. This is important to minimize accidental erasures of data. Thus, I think in a basic help page like this to warn users not to erase/delete/trash_can an entire chroot or entire chroot directories until chroot is exited (and all binds removed). For schroot, all automatically created binds will be removed on exit and accidental erasure of entire /home (often heard about) can be minimized. (It seems either people forget or don't comprehend bi-directional nature of mount --bind.) reedmb 20081224