Setup chroot Environment

A chroot environment is essentially a complete self-contained Linux installation that is nested within the main system.

The reason that I’m looking into setting up a chroot environment is for building custom Ubuntu packages. Instead of compiling and running everything on my main machine, it’s best practice to do that in a chroot. This way, your main machine doesn’t get cluttered with unnecessary files and binaries. You can also use a chroot to run software that is designed for another platform or architecture.

You also can easily run multiple chroot environments at the same time.

In the following example, I’ll be setting up a chroot environment for Ubuntu Precise (12.04 LTS 64bit).

Installation & configuration

First off, let’s install debootstrap. Debootstrap is a tool which will install a Debian based system into a subdirectory of another, already installed system. Let me emphasize that this is only available for Debian based systems! Debootstrap is not available on any other platforms.

$ sudo apt-get install debootstrap

You’ll also want to install the dchroot package, which provides a convenient way to use the various chroot environments you set up. It allows the user to run a command or login shell in a chroot environment.

$ sudo apt-get install dchroot

Now, make sure the chroot directory of your choice exists. Usually, chroot environments get installed under /var/chroot.

$ sudo mkdir /var/chroot

To configure dchroot, edit / create the file /etc/dchroot.conf and add the following line:

precise_amd64 /var/chroot/precise_amd64

The first part is the label for your chroot environment, while the second part is the appropriate path.

Now we’ll need to install the new environment. Since I’m planning on installing Ubuntu Precise (64bit edition), I use the following command:

$ sudo debootstrap --variant=buildd --arch amd64 precise /var/chroot/precise_amd64 http://archive.ubuntu.com/ubuntu/

If you use the chroot to build packages, you need to add the --variant=buildd option. Debootstrap will now build a Precise chroot in /var/chroot/precise_amd64, getting the base packages from http://archive.ubuntu.com/ubuntu.

When debootstrap finishes successfully, you’ll be left with a base chroot in /var/chroot/precise_amd64. To get your chroot to work and be able to grab packages from the network, do the following right after debootstrap:

$ sudo cp /etc/resolv.conf /var/chroot/precise_amd64/etc/resolv.conf
$ sudo cp /etc/apt/sources.list /var/chroot/precise_amd64/etc/apt/

If the chroot system is different from your main system, you’ll want to alter the sources.list file so you can retrieve the right packages.

Now let’s enter the chroot environment and finalize the packages part:

$ sudo chroot /var/chroot/precise_amd64
# apt-get update
# apt-get install vim sudo gnupg
# apt-get update
# locale-gen en_US.UTF-8
# dpkg-reconfigure tzdata
# exit

Now switching to your chroot environment is pretty easy. Just run dchroot -d as root (or dchroot -d -c precise_amd64 if you have more than one chroot).

For now, this will only work if you are root. You may want to set things up so that you can chroot as a normal user and still have access to your home directory. To achieve this, you’ll need to copy the user and group configuration files from the main system. You can also hard link them if they are on the same partition.

To copy them over:

# cp /etc/passwd /var/chroot/precise_amd64/etc/
# sed 's/\([^:]*\):[^:]*:/\1:*:/' /etc/shadow | tee /var/chroot/precise_amd64/etc/shadow
# cp /etc/group /var/chroot/precise_amd64/etc/
# cp /etc/hosts /var/chroot/precise_amd64/etc/

The sed line removes the encrypted passwords from the shadow file. They aren’t needed since no one will be logging in to the chroot environment. This is a security measure: it keeps the password hashes from being available in two places.

If you would rather hard link the files so they remain synchronized:

# cd /var/chroot/precise_amd64/etc
# rm passwd shadow group gshadow hosts
# ln /etc/passwd
# ln /etc/shadow
# ln /etc/group
# ln /etc/gshadow
# ln /etc/hosts

You can still copy the shadow file and sed it instead of hard linking it, which keeps the password hashes out of the chroot as described above. Just remember that if you add or remove users, you will need to update the copied file in the chroot environment as well if you want them to be able to access it.
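To check which of the two approaches above a chroot actually ended up with, the following added example (not part of the original post) reports whether a chroot's shadow file is a hard link to the host's, a copy that still carries hashes, or a sanitized copy. The function names and the sample file are constructed for illustration; the sed expression is the one from the article.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Same substitution as the sed line above: blank out every password field.
sanitize_shadow() {
    sed 's/\([^:]*\):[^:]*:/\1:*:/' "$1"
}

# Report the state of a chroot shadow file ($2) relative to the host's ($1):
#   hardlink    - same file as the host's, so every host hash is readable there
#   hashes:a,b  - a copy that still carries hashes for the listed accounts
#   clean       - only "*", "!" or empty password fields remain
audit_chroot_shadow() {
    if [ "$1" -ef "$2" ]; then
        echo "hardlink"
        return 0
    fi
    # A locked entry such as "!$6$..." still contains the hash, so it counts.
    leaked=$(awk -F: '$2 != "" && $2 !~ /^[*!]+$/ { out = out (out ? "," : "") $1 }
                      END { print out }' "$2")
    if [ -n "$leaked" ]; then echo "hashes:$leaked"; else echo "clean"; fi
}

# Constructed sample shadow file (placeholder strings, not real hashes).
make_sample() {
    cat > "$1" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$SAMPLESALT$SAMPLEHASHALICE:19000:0:99999:7:::
bob:!$6$SAMPLESALT$SAMPLEHASHBOB:19000:0:99999:7:::
EOF
}

# Demo in a scratch directory; on a real system, run as root and pass
# /etc/shadow and /var/chroot/precise_amd64/etc/shadow instead.
demo=$(mktemp -d)
make_sample "$demo/host_shadow"
cp "$demo/host_shadow" "$demo/copied"
sanitize_shadow "$demo/host_shadow" > "$demo/sanitized"
echo "plain copy: $(audit_chroot_shadow "$demo/host_shadow" "$demo/copied")"
echo "sed copy:   $(audit_chroot_shadow "$demo/host_shadow" "$demo/sanitized")"
rm -rf "$demo"
```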

Finally, if you want your home directory and other filesystems to be available in the chroot, edit the /etc/fstab on the main machine and add the following:

/home /var/chroot/precise_amd64/home none bind 0 0 
/tmp /var/chroot/precise_amd64/tmp none bind 0 0 
/dev /var/chroot/precise_amd64/dev none bind 0 0 
proc-chroot /var/chroot/precise_amd64/proc proc defaults 0 0 
devpts-chroot /var/chroot/precise_amd64/dev/pts devpts defaults 0 0

Now mount all the filesystems:

$ sudo mount -a

Now switching between your main system and the chroot environment can be a bit unclear. So if you want the prompt to give the chroot name when you are using it, edit /var/chroot/precise_amd64/etc/debian_chroot and add:

precise_amd64

or another name you want to be displayed.