There are a number of reasons you might want to isolate an application, a user, or an environment from your Linux system. Different operating systems have different implementations, and in Linux, a typical way is to chroot the environment.
In this tutorial, I'll give step-by-step instructions on how to use the chroot command to set up an environment that is separate from the real system. This feature is mainly useful for testing projects. The following steps were performed on an Ubuntu 14.04 Virtual Private Server (VPS).
Learning to quickly build a simple chroot environment is a very practical skill that most system administrators can benefit from.
Chroot Environment
A chroot environment uses a system call to temporarily make a local directory the root directory. Normally the system root is the mount point "/"; after running the chroot command, a different directory serves as the root directory.
In principle, an application running in the chroot environment cannot access other information on the system (LCTT: chroot turns a directory into the root directory; applications running inside can access only the files in this directory and cannot access files outside it). However, applications running in a chroot environment can still access information outside the environment through the sysfs file system, hence the "in principle" qualifier.
Uses of a chroot environment
Testing an unstable application service does not affect the entire host system.
Even if an improper operation performed with root permissions makes a mess of the chroot environment, the host system is not affected.
You can run another operating system on your system.
For example, you can compile, install, and test software in a chroot environment without touching the real system. You can also use chroot on a 64-bit system to create a 32-bit environment and then run 32-bit programs in it (LCTT: if your real environment is 32-bit, you cannot chroot into a 64-bit environment).
However, from a security standpoint, a chroot environment only sets very strict limits for unprivileged users; it does not provide a complete security policy. If you need a complete security strategy for isolating a program, consider LXC, Docker, Vservers and so on.
debootstrap and schroot
Using the chroot environment requires installing debootstrap and schroot, both of which are available from the Ubuntu mirrors. schroot is used to create the chroot environment.
debootstrap lets you install any Debian (or Debian-based) system from a mirror; the installed system contains only the most basic commands.
The schroot command lets users create a chroot environment with the same mechanism, but it performs some permission checks when the chroot environment is accessed and allows additional automatic setup, such as mounting some file systems.
On the Ubuntu 14.04 LTS, there are two steps we can take to implement this feature:
1. Install packages
The first step is to install debootstrap and schroot on the Ubuntu 14.04 LTS host system:
The code is as follows:
$ sudo apt-get install debootstrap
$ sudo apt-get install schroot
2. Configure schroot
Now that we have the tools in hand, we need to specify a directory as our chroot environment. Create a directory first:
The code is as follows:
sudo mkdir /linoxide
Edit the schroot configuration file:
The code is as follows:
sudo nano /etc/schroot/schroot.conf
Again, we are on an Ubuntu 14.04 LTS system. If we want to test whether a package runs on Ubuntu 13.10 (code-named "Saucy Salamander"), we can add the following to the configuration file:
The code is as follows:
[saucy]
description=Ubuntu Saucy
location=/linoxide
priority=3
users=arun
root-groups=root
Adjust the above configuration to match your system requirements.
3. Install 32-bit Ubuntu system using debootstrap
The debootstrap command downloads and installs a minimal system in your chroot environment. As long as you have access to a mirror, you can install any version of a Debian-based system.
We have already created the /linoxide directory to hold the chroot environment, and now we can run debootstrap in this directory:
The code is as follows:
cd /linoxide
sudo debootstrap --variant=buildd --arch amd64 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
sudo chroot /linoxide /debootstrap/debootstrap --second-stage
You can change the --arch argument to i386 or another architecture as long as there is a mirror for that architecture. You can also change the mirror http://archive.ubuntu.com/ubuntu/ to the mirror nearest to you; refer to the official Ubuntu mirrors page.
Note: If you are creating a 32-bit system on a 64-bit system, you need to add the --foreign option to the command above, as in the following command:
The code is as follows:
sudo debootstrap --variant=buildd --foreign --arch i386 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
The download takes a while, depending on your network bandwidth. The minimal system is about 500M.
4. Complete the chroot environment
After installing the system, we need to do some finishing work to make sure the system works properly. First, make sure the host's fstab is aware of the chroot environment:
The code is as follows:
sudo nano /etc/fstab
Add the following configuration to the end of the file:
The code is as follows:
proc /linoxide/proc proc defaults 0 0
sysfs /linoxide/sys sysfs defaults 0 0
Save and close the file.
Mount some file systems into the chroot environment:
The code is as follows:
$ sudo mount proc /linoxide/proc -t proc
$ sudo mount sysfs /linoxide/sys -t sysfs
Copy the /etc/hosts file into the chroot environment so that the chroot environment can use the network:
The code is as follows:
$ sudo cp /etc/hosts /linoxide/etc/hosts
Finally, use the schroot -l command to list all the chroot environments on the system:
The code is as follows:
$ schroot -l
Use the following command to enter the chroot environment:
The code is as follows:
$ sudo chroot /linoxide/ /bin/bash
To check the installed version:
The code is as follows:
# lsb_release -a
# uname -a
In order to use a graphical interface in the chroot environment, you need to set the DISPLAY environment variable:
The code is as follows:
$ DISPLAY=:0.0 ./apps
So far, I have successfully installed Ubuntu 13.10 on the Ubuntu 14.04 LTS.
Exit the chroot environment:
The code is as follows:
# exit
Clean up and unmount the file systems:
The code is as follows:
$ sudo umount /linoxide/proc
$ sudo umount /linoxide/sys
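The proc and sysfs mounts from step 4 are what make host information visible inside the chroot, and they have to be unmounted before /linoxide is ever deleted. As an added example (not part of the original tutorial), this script lists what is mounted under a chroot directory from a mount table in /proc/self/mounts format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what is mounted inside a chroot tree.
# Each function reads a mount table (/proc/self/mounts format) on stdin.
# Function names are hypothetical; the table below is constructed.

sample_mounts() {
cat <<'EOF'
/dev/vda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /linoxide/proc proc rw,relatime 0 0
sysfs /linoxide/sys sysfs rw,relatime 0 0
/dev/vdb1 /linoxide2 ext4 rw,relatime 0 0
EOF
}

# Print "mountpoint fstype" for each mount at or below ROOT, children
# before parents, which is the order they have to be unmounted in.
chroot_mounts() {
    _root=${1%/}                       # "/linoxide/" -> "/linoxide"
    [ -n "$_root" ] || { echo "refusing to treat / as a chroot" >&2; return 2; }
    # Match ROOT itself or ROOT/..., so /linoxide2 is not mistaken for it.
    awk -v r="$_root" '$2 == r || index($2, r "/") == 1 { print $2, $3 }' |
        LC_ALL=C sort -r
}

# Print the mount points that expose host kernel state (proc, sysfs).
chroot_exposure() {
    chroot_mounts "$1" | awk '$2 == "proc" || $2 == "sysfs" { print $1 }'
}

# Succeed only when nothing is mounted at or below ROOT.
safe_to_remove() {
    _out=$(chroot_mounts "$1") || return 2
    [ -z "$_out" ]
}

# Demo on the constructed table; on a real host use: < /proc/self/mounts
echo "host state visible inside /linoxide:"
sample_mounts | chroot_exposure /linoxide
if sample_mounts | safe_to_remove /linoxide; then
    echo "/linoxide has no mounts left"
else
    echo "/linoxide still has mounts; unmount before deleting it"
fi
```

On a real host, feed the functions the live table, for example `chroot_mounts /linoxide < /proc/self/mounts`, and unmount in the order printed.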