It's all about Chroot

(λx.x)eranga
Published in Effectz.AI
Apr 10, 2016

UNIX file system

About unix file system

The Unix file system is organized as a tree structure. The Filesystem Hierarchy Standard (FHS) defines the structure of file systems on Unix. Everything in Unix is considered to be a file, including physical devices such as DVD-ROMs, USB devices, floppy drives, etc.

UNIX file system hierarchy

Every Unix file system has a root (/) directory. This is the base of the file system. The root directory contains subdirectories like usr, bin, home, dev, boot. Each of these directories contains its own subdirectories, and so on.

This file system is known as the root file system.

Chroot

About chroot

Creating a new root file system inside an existing file system is known as change root, or chroot. A process/command that is run in this new environment cannot access files outside the root directory. This modified environment is commonly known as a jailed directory or chroot jail.

Advantages of chroot

  1. Setup test environments
  2. Run programs in independent environments (for example, run old programs without crashing the system)
  3. Reinstall bootloader (grub, lilo, etc.)
  4. System recovery
  5. Password recovery

Chroot() system call

Chroot can be done via the chroot() system call. The chroot() system call is only available to the root user. A non-root user cannot execute a chroot() call.

Create chroot environment

Scenario

Here I’m gonna describe the basic steps to create a jail. In another post I’m hoping to cover how to install nginx and apache with chroot.

Create isolated environment

First we need to create an isolated directory. This is our chroot jail directory.

Chroot the jail directory

Create the chroot environment in the jail directory.

The first time this command is executed, it gives the following error

This is because chroot wasn't able to find the bash shell. This highlights an important concept of creating a new root file system. The new file system has no access to anything from the original file system, including any commands.

Copy bash and libraries to jail directory

Bash exists in /bin/bash; copy it to jail/bin/bash and try to chroot again.

It is still failing. This is due to the dynamic libraries used by bin/bash. To execute a command in a chroot environment, all the dynamic libraries used by the command must also be copied to the chroot jail.

Copy dynamic libraries

We need to identify the libraries used by the command first. The following is the way to view the libraries used by a command.

The following are the libraries used by the /bin/bash command.

Copy these libraries to the new jail environment’s lib and lib64.

Finally it works.

Now you are in a new jail environment. This is a fresh Linux root directory. It has nothing in it, not even the ls command.

You have to set up/install all the required packages manually in here. Let’s copy the ls command and its libraries.

Now the ls command should work inside our new chroot jail.
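
The steps above, collected into one script as an added example (not code from the original post): it copies a command and every library ldd reports for it into the jail at the same absolute paths. The function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build a chroot jail by copying a command and its libraries.
# Function names are assumptions made for this sketch.

# Print the absolute path of every shared object ldd reports for a binary.
# Some ldd versions run the inspected program to get this list, so use it
# only on binaries you trust.
list_libs() {
    # Typical ldd lines:
    #   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
    #   /lib64/ld-linux-x86-64.so.2 (0x...)
    # A statically linked binary makes ldd fail; that yields an empty list.
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# Copy one file into the jail at the same absolute path. -L follows symlinks
# so the jail holds real file content under the name the loader looks up.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Install a command plus all of its shared libraries into the jail.
jail_add() {
    jail=$1 bin=$2
    [ -x "$bin" ] || { echo "no such executable: $bin" >&2; return 1; }
    copy_into_jail "$jail" "$bin" || return 1
    for lib in $(list_libs "$bin"); do
        copy_into_jail "$jail" "$lib" || return 1
    done
}

# Usage (as root), with /bin/bash and /bin/ls as in the article:
#   mkdir jail
#   jail_add jail /bin/bash
#   jail_add jail /bin/ls
#   chroot jail /bin/bash
```

Only the final chroot call needs root; the copying can be done and inspected as an ordinary user first.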
