
A How To on Creating a chroot Environment

Author: Tom Newsom

Published: February 17, 2007

The chroot program (see man chroot for details) enables us to run different instances of the GNU/Linux environment on a single system simultaneously without rebooting. There could be many reasons why one would want or need to do this, so doing it securely is a Good Thing(c), right? Doing it in a way that does not disrupt one's running installation is surely the Right Thing(c) to do. In this document I will show you exactly how to achieve these stated aims whilst having fun at the same time.

In this document I shall be showing you how you can run, for testing purposes perhaps, two versions of Slackware simultaneously. Both will be fully fledged installs and both will be fully usable. It is possible to run other distributions via this method as well but I shall leave that aim as an exercise for the reader. Once you know how it is done then doing it for alternative distributions is a natural progression of your newly acquired skills.

It is also possible to run the Slackware tool set under the chroot of a fast host while NFS-mounting a slower machine on the network to the host as read/write and the chroot point being the mount point of the slower machine.

But for this mini How To I shall concentrate on implementing a chroot on a single host.

Slackware within chroot

A chroot Slackware environment is not a hard thing to do. We must be careful however that we do not affect our main install. We must also determine what we want from the chroot environment as this will affect what we install with it. Do we just want a basic CLI environment? Do we want a CLI with network environment? Do we want a full blown environment with X + DTE/WM (Desktop Environment + Window manager)? The list of possibilities can be a long one. For the purposes of this document however we shall go with a CLI + Network environment. Once this foundation is laid we can expand on it once we are within the chroot just like any normal install of Slackware.

Everything we do for the chroot will have to be done as the root user at first. This is because we need to use Slackware's own pkgtools. Plus, we want to ensure whatever we install has the correct permissions and user attributes. First we must decide where our chroot environment will be. For this document we will use /mnt/chroot. That directory will probably not exist so create it:

slackbox # mkdir -p /mnt/chroot

Next we install the basic environment. For the following to work we will need to cd to wherever your local slacktree resides. There is a bash script at the end of this document that will download the slackpaks for you and install these if you do not have a local copy of the Slackware Install tree. For example, my own local Slackware tree resides on /mnt/sources/slackware-11.0 so we would cd to there before installing the basic package set. Let us install our basic setup which we have decided is CLI + Network. This means we need to install packages of series a, ap, l and n. For the sake of simplicity, we install all of these series. If your local Slackware tree resides on a CD-ROM then make sure you have it mounted and that you cd into the relevant directory before doing the installpkg lines below.

slackbox # cd /mnt/sources/slackware-11.0/slackware # Edit to suit.
slackbox # installpkg -root /mnt/chroot a/*.tgz
slackbox # installpkg -root /mnt/chroot ap/*.tgz
slackbox # installpkg -root /mnt/chroot l/*.tgz
slackbox # installpkg -root /mnt/chroot n/*.tgz

Next we will copy the local hosts file and the local fstab file to our chroot environment. This will enable us to have the local network work within our chroot environment and also allow all local devices to be used within our chroot:

slackbox # cp /etc/hosts /mnt/chroot/etc/hosts
slackbox # cp /etc/fstab /mnt/chroot/etc/fstab

Copying your main system's /etc/fstab may or may not be required, depending on how your main system and the chroot environment are set up. For example, if you have a multiple partition setup on your main system then, unless you have set up the chroot environment exactly the same, copying /etc/fstab is not required. In this case you should manually create (or copy then edit) /mnt/chroot/etc/fstab. If, however, you have a simple partition layout then copying /etc/fstab to /mnt/chroot/etc/fstab will be okay.

At this stage we have a fully functioning Slackware install within our chroot environment so now we shall chroot into it. Before we do that we have a little magic to do to ensure it works as expected:

slackbox # mount -o bind /proc /mnt/chroot/proc
slackbox # mount -o bind /dev /mnt/chroot/dev
slackbox # chroot /mnt/chroot /bin/bash

By binding /proc and /dev from the running system, our main system, we ensure that all connected hardware works in our chroot. If, however, you have installed the Slackware dev package you may not need to bind /dev to /mnt/chroot/dev. Your Mileage May Vary on this particular thing.

It is worth noting that if you decide to (re)build a chroot kernel and it is a different version from your main system's kernel then you may run into incompatibility problems when you bind /proc to /mnt/chroot/proc. To maintain stability and compatibility I recommend that you do not build a kernel within your chroot unless you know precisely what you are doing, precisely what issues can happen and how to get around those issues. That said, for the more technically inclined amongst you, if you do decide or want to test vastly differing kernels within your chroot then do not do the /proc binding line above but instead do the following line once you are within your chroot:

chroot-1 # mount -t proc none /proc

Mounting /proc in this manner may also remove the need to issue startx -- :1 when we set up our X environment later in this how to.

The first thing you should do once you are sat within your chroot is to ensure libraries, and if using X, fonts are available.

chroot-1 # ldconfig

And for fonts do:

chroot-1 # fc-cache

You are now sat on your newly created chrooted Slackware install.

What can we do now? Well, how about give your chroot environment a hostname other than darkstar?

slackbox # cp /etc/HOSTNAME /mnt/chroot/etc/

The above line will give your chroot the same hostname as your main environment. Not everyone wants this so make the change permanent in /mnt/chroot/etc/rc.d/rc.M by editing the hostname line in that file. Next time you log in to your chroot, it will have its very own name.

If you have followed this document from the beginning then what you have created is a fully functioning Slackware install within which you can do anything you like without infecting your main Slackware installation. To exit from a chroot jail simply type `exit'. Once you have typed that and hit <Enter> you will be back on your main environment.
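Typing exit leaves the chroot but does not undo the bind mounts made earlier, so the host's /proc and /dev stay mounted under /mnt/chroot. The following is an added example, not part of the original article, that lists what is still mounted below the chroot and releases it deepest-first; the function names and the MOUNTS_FILE override are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: find and release mounts left below a chroot directory.
# CHROOTDIR matches the article; MOUNTS_FILE is an illustrative override
# so the parsing can be exercised on a sample file instead of /proc/mounts.
# Mount points containing spaces (shown as \040 in /proc/mounts) are not handled.
CHROOTDIR=${CHROOTDIR:-/mnt/chroot}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Print every mount point strictly below $1, deepest path first, so that
# nested mounts (e.g. dev/pts) are released before their parents (dev).
mounts_under() {
    local root=${1%/}
    awk -v root="$root" '
        { mp = $2 }
        index(mp, root "/") == 1 { print mp }
    ' "$MOUNTS_FILE" | LC_ALL=C sort -r
}

# Unmount everything below the chroot; stop at the first failure.
release_chroot() {
    local mp
    for mp in $(mounts_under "$1"); do
        umount "$mp" || { echo "still busy: $mp" >&2; return 1; }
    done
}

# Succeeds only when nothing is mounted below the chroot any more.
# Check this before deleting the tree: rm -rf through a bind-mounted
# /dev would remove the host's own device nodes.
chroot_is_clean() {
    [ -z "$(mounts_under "$1")" ]
}

# Typical use as root, after leaving the chroot:
#   release_chroot "$CHROOTDIR" && chroot_is_clean "$CHROOTDIR"
```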

Typing chroot /mnt/chroot /bin/bash is all well and good but this could create all sorts of problems further down the line. It is much better to start another login process where you can login to the chroot directly and ensure the environment is clean.

On a typical Slackware setup tty1 through tty6 are Linux consoles. Xorg typically runs on the first free one, counting up from tty1, which will be tty7 on a typical Slackware install, so it is safe for us to use tty8:

slackbox # echo "c7:1235:respawn:/usr/bin/chroot /mnt/chroot "\
           "/sbin/agetty 38400 tty8" >>/etc/inittab
slackbox # init q                           # This reloads init

Now whenever you press ALT-F8 (from console) or CTRL-ALT-F8 (from within X) your chroot environment will be launched if not started or you will rejoin it if it is.

Setting up X for chroot

Running X with KDE or Gnome2 or WindowMaker within your chroot is entirely possible.

First we should install the packages and copy our working Xorg.conf from our main environment to our chrooted one:

slackbox # installpkg -root /mnt/chroot x/*.tgz
slackbox # installpkg -root /mnt/chroot xap/*.tgz
slackbox # installpkg -root /mnt/chroot kde/*.tgz
slackbox # cp /etc/X11/xorg.conf /mnt/chroot/etc/X11/xorg.conf

If you use GDM, KDM or XDM then we should edit those to reflect the chroot. Because you are likely to have X running already GDM, KDM and friends will have to be started on another free Virtual terminal. My own preference is to type startx (startx -- :1) at the prompt so my skills in this are severely restricted. Therefore I cannot advise on how one should go about doing this for GDM/KDM and friends. Can GDM/KDM etc be started with something similar to startx -- :1? I have no idea. Sorry.

Final Remarks

Here is a recap up to being able to chroot.

slackbox # mkdir -p /mnt/chroot
slackbox # cd /mnt/sources/slackware-11.0/slackware # Edit to suit.
slackbox # installpkg -root /mnt/chroot/ a/*.tgz
slackbox # installpkg -root /mnt/chroot ap/*.tgz
slackbox # installpkg -root /mnt/chroot l/*.tgz
slackbox # installpkg -root /mnt/chroot n/*.tgz
slackbox # cp /etc/hosts /mnt/chroot/etc/hosts
slackbox # cp /etc/fstab /mnt/chroot/etc/fstab
# Now we chroot into our chroot environment
slackbox # mount -o bind /proc /mnt/chroot/proc
slackbox # mount -o bind /dev /mnt/chroot/dev
slackbox # chroot /mnt/chroot /bin/bash

We did more but the above is enough to get us a chroot environment. What extras you add from here is up to you. Above I showed you how to add X + GUI and how to set up /etc/inittab so that our chroot environment has its own tty and I also showed you how to set up a chrooted X environment so that it too has its own VC separate from the main X VC. All these things and more are only limited by your imagination so go and play and most of all enjoy yourself.

Finally, that script I promised you that will download the Slackware packages and install them within the chroot directory.

#!/bin/bash
#
# This will download Slackware 11.0 packages and install them
# within a directory into which we will chroot.
# change this to wherever your own chroot directory is
CHROOTDIR=/mnt/chroot # Edit this to wherever you want your chroot.
ncftp <<**
open slackware.at
cd slackware-11.0/slackware
mget -r a/*
mget -r ap/*
mget -r l/*
mget n/*
# if you want X then uncomment these 3 lines
#mget -r x/*
#mget -r xap/*
#mget -r kde/*
exit
**
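# Install only the package archives, not any other files in this
# directory (this script included).
for FILE in *.tgz
do
    installpkg -root "$CHROOTDIR" "$FILE"
done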

Once the above script has been executed then your chroot environment is ready. Follow this document from where we chroot in.
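The script above installs, as root, whatever the FTP mirror returned. The following added example, which is not part of the original article, checks each package's detached GPG signature before anything is installed; it assumes every NAME.tgz was downloaded together with a NAME.tgz.asc file and that the signing key was imported into root's keyring beforehand, and the function names are illustrative.

```shell
#!/bin/bash
# Added example: install only packages whose detached GPG signature verifies.
# Assumptions: NAME.tgz.asc sits next to each NAME.tgz, and root's keyring
# holds only the key(s) you trust to sign packages (gpg accepts a good
# signature from any key it finds there).
CHROOTDIR=${CHROOTDIR:-/mnt/chroot}

# Succeeds only if the package has a non-empty signature file and gpg accepts it.
pkg_is_signed() {
    local pkg=$1
    [ -f "$pkg" ] && [ -s "$pkg.asc" ] || return 1
    gpg --batch --verify "$pkg.asc" "$pkg" >/dev/null 2>&1
}

# Verify every package in directory $1 first; install nothing if any check fails.
install_verified() {
    local dir=$1 pkg bad=0
    for pkg in "$dir"/*.tgz; do
        [ -e "$pkg" ] || { echo "no packages in $dir" >&2; return 1; }
        if ! pkg_is_signed "$pkg"; then
            echo "REJECTED (missing or bad signature): $pkg" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    for pkg in "$dir"/*.tgz; do
        installpkg -root "$CHROOTDIR" "$pkg" || return 1
    done
}

# Typical use as root, from the directory the packages were downloaded into:
#   install_verified .
```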
