Difference between revisions of "Chroot"

Chroot (Change root) is a Unix system utility used to change the apparent root directory to create a new environment logically separate from the main system's root directory. This new environment is known as a "chroot jail." A user operating inside the jail cannot see or access files outside of the environment they have been locked into.

One of the main uses for chrooting is to create a separate Linux system on top of a the current one for the purpose of testing or software compatibility. Chroot is often seen as a lightweight alternative to virtualization because it is able to run without the overhead of a hypervisor.

Prerequisites

Setting up the environment

When creating a new chroot setup, the first thing needed is a directory for the chroot to reside in. For example, a chroot could be created in /mnt/mychroot:

To mount an existing installation from a partition the following command can be ran. Be sure to replace the <DEVICE> string in the example below with the drive and partition of the existing installation:

If an installation has been previously created in a sub directory of the current root file system the above steps can be skipped.

Unpacking system files and the Portage tree (new installations)

When building a new install, the next step is to download the stage3 and Portage tarballs and set them up in the chroot location. For more information on this process please see Downloading the stage tarball and Unpacking the stage tarball in the Gentoo Handbook.

Configuration

Before entering the chroot a number of directories need to be mounted:

Some basic configuration files will need to be copied from the host, do not copy over make.conf when using an existing installation:

copypasta option (optional)

It's possible to invoke this command to save time if you're able to copy+paste.

Warning: Do not forgett to change /mnt/mychrooto AND /dev/sda4 for your variables if neccesary!!

Usage

Once done enter the chroot environment by executing the following commands:

When creating a new installation Portage should be synced to make sure everything is up to date.

Template:ChrootCmd

The system is now ready; feel free to install software, mess with settings, test experimental packages and configurations without having any effect on the main system. To leave the chroot simply type exit or press Ctrl+d. Doing so will return the console back to the normal environment. Do not forget to umount the directories that have been mounted.

Init scripts

If setting up chroots is a task that is needed to be performed often, it is possible to speed up the mounting of the directories by using an init script. The script could be added to the default runlevel and therefore set up automatically on system boot:

#!/sbin/openrc-run
 
depend() {
   need localmount
   need bootmisc
}
 
start() {
     ebegin "Mounting chroot directories"
     mount -o rbind /dev /mnt/mychroot/dev > /dev/null &
     mount -t proc none /mnt/mychroot/proc > /dev/null &
     mount -o bind /sys /mnt/mychroot/sys > /dev/null &
     mount -o bind /tmp /mnt/mychroot/tmp > /dev/null &
     eend $? "An error occurred while mounting chroot directories"
}
 
stop() {
     ebegin "Unmounting chroot directories"
     umount -f /mnt/mychroot/dev > /dev/null &
     umount -f /mnt/mychroot/proc > /dev/null &
     umount -f /mnt/mychroot/sys > /dev/null &
     umount -f /mnt/mychroot/tmp > /dev/null &
     eend $? "An error occurred while unmounting chroot directories"
}

When using a different directory or partition, add the necessary mounting commands in the start() function and change /mnt/chroot to the appropriate name.

See also

• Chroot Guide
• Chrooting proxy services
• Security Handbook/Chrooting and virtual servers