Questions tagged [chroot]
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children.
chroot
381
questions
76
votes
1
answer
29k
views
Chroot vs Docker
I'm trying to learn the basics about containers (Docker in this case). As far as I learn from the Docker doc and several readings, Docker basically provides isolation by running the container using ...
- 16.9k
39
votes
2
answers
19k
views
Shared library in containers
For two processes A and B, the both use the library libc.so, libc.so is loaded into memory only once. This is a normal situation when A and B both run on the same host and the same rootfs.
When it ...
- 471
27
votes
9
answers
12k
views
debootstrap inside a docker container
Here's my problem: I want to build a chroot environment inside a docker container. The problem is that debootstrap cannot run, because it cannot mount proc in the chroot:
W: Failure trying to run: ...
- 577
24
votes
6
answers
52k
views
How to run a command in a chroot jail not as root and without sudo?
I'm setting up a minimal chroot and want to avoid having sudo or su in it but still run my processes as non-root. This is a bit of a trick as running chroot requiers root. I could write a program that ...
- 76.9k
22
votes
8
answers
17k
views
Detecting a chroot jail from within
How can one detect being in a chroot jail without root privileges? Assume a standard BSD or Linux system. The best I came up with was to look at the inode value for "/" and to consider whether it is ...
- 233
21
votes
3
answers
51k
views
Bash: executing commands from within a chroot and switch user
Im writing a script that should do this...
chroot /chroot_dir/ su -
./startup.sh (This should run within the su environment)
I have tried this approach:
chroot /chroot_dir /bin/bash -c " su -; ./...
- 1,207
21
votes
2
answers
21k
views
Shell Script that does chroot and execute commands in chroot
If in shell script I write
chroot /home/mayank/chroot/codebase
cd SBC
when I run this shell script It does go in the chroot but does not execute the command cd SBC,
when I exit chroot then it ...
- 445
21
votes
1
answer
3k
views
Chrooted PHP-FPM script cannot resolve DNS after a moment
I need some help to understand why a PHP-FPM chrooted PHP script fails to resolve an FQDN few instants after the PHP-FPM service started.
When I (re)start the PHP-FPM service, it works (resolution ...
- 2,160
18
votes
4
answers
32k
views
Public key authorization on sftp chroot directory
I want to add public key authorization to my sftp chroot directory but I allways get:
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/test/.ssh/id_rsa
debug3: ...
- 1,353
13
votes
2
answers
8k
views
Python: Securing untrusted scripts/subprocess with chroot and chjail?
I'm writing a web server based on Python which should be able to execute "plugins" so that functionality can be easily extended.
For this I considered the approach to have a number of folders (one ...
- 19.8k
13
votes
3
answers
3k
views
How can I get DNS resolution to work inside a Mac OS X `chroot` on El Capitan?
I'm trying to create a chroot to run a program that needs internet access to build myself a sandboxed, immutable developer environment. So far my jail is working well: I can run bash inside it and run ...
- 1,715
12
votes
3
answers
2k
views
How does chroot affect dynamic libraries memory use?
Although there is another question with similar topic, it does not cover the memory use by the shared libraries in chrooted jails.
Let's say we have a few similar chroots. To be more specific, ...
- 6,095
12
votes
2
answers
5k
views
Can I restrict access to certain files for a certain process?
Is it possible to start a process in Linux, and restrict its access to certain files/directories? For example:
$ start-process --enable-dir=./sandbox --exec="some-script.sh"
some-script.sh won't be ...
- 103k
10
votes
2
answers
19k
views
run chroot within docker
I've a commercial app, that is shipped in a chroot environment : the startup script is making the chroot, and starting the exe.
The App is pretty complex, and also for support purposes, I don't want ...
- 724
10
votes
2
answers
4k
views
Is it possible let chroot jails share directories(read-only) outside the jail?
I have muliple chroot jails, I want them to share
some directories, currently I have to copy these directories into
jails which I think is not elegant. The directories are read-only, like '/usr/bin'.
- 5,274
9
votes
4
answers
12k
views
does chroot() require root privileges?
When I try to use chroot with "." or the complete pathname as argument, perror tells me "Operation not permitted".
If the answer to my question is yes, is there another way to ...
- 133
9
votes
2
answers
5k
views
OSX and chroot unable to find /bin/bash
I am trying to get chroot to work on my mac book. I setup the jail dir to contain all the requirements for /bin/sh and /bin/bash (recursively called /usr/bin/otool)
# ls /var/chroot/*/*
/var/chroot/...
- 2,048
9
votes
1
answer
1k
views
Gentoo + debootstrap failing when used with fakeroot and fakechroot
I'm using a Gentoo box and I want to create Debian-based chroot environments without using the root account or sudo.
This seems to be possible using tools such as fakeroot and fakechroot, but so far I ...
- 2,562
8
votes
5
answers
2k
views
chroot + execvp + bash
Update
Got it! See my solution (fifth comment)
Here is my problem:
I have created a small binary called "jail" and in /etc/password I have made it the default shell for a test user.
Here is the -- ...
- 374
7
votes
1
answer
2k
views
bypass dev/urandom|random for testing
I want to write a functional test case that tests a program with a known value for random numbers. I have already tested it with mocks during the unit testing. But I would like that for functional ...
- 14.2k
7
votes
3
answers
1k
views
Running arbitrary unfriendly Python code on my server
I'm making a game where users can write Python programs to control robots that fight each other. Every turn (in a thousand-turn game) their script will be run on my server to determine the robot's ...
user2058002
7
votes
3
answers
700
views
Differentiate each apache user and give permissions
In a web application, I want to create a folder for each www-data user and give write permissions just on that folder, and just to that user.
AFTER VALIDATION I can do:
mkdir($file->getPath()....
- 25.2k
7
votes
2
answers
11k
views
Running mysql in chroot
I've got a chroot environment working on my 10.04 ubuntu box. I'm trying to run mysql inside this chroot environment, but I get this error.
ERROR 2002 (HY000): Can't connect to local MySQL server ...
- 13.5k
7
votes
1
answer
322
views
kvm setup for linux without default modules
Ok, so the KVM setup guide in this question does not work for me,
this is because I am using crouton with a trusty (14.04) chroot.
Apparently somewhere along the line kvm modules were not shipped ...
- 1,772
7
votes
1
answer
41k
views
chroot: failed to run command ‘/bin/bash’: No such file or directory
In the process of trying to rescue an unbootable Debian Jessie system, I get the following error when trying to chroot:
chroot: failed to run command ‘/bin/bash’: No such file or directory
I have ...
- 167
6
votes
6
answers
13k
views
How to jail linux user
Is there something similar to chroot, but for users?
We are about to grant access to our servers for a client and would like them to see only the directories we allow.
- 5,858
6
votes
3
answers
17k
views
SFTP inline put without interaction
I am trying to automate an application deployment as part of this I need to upload a file to a server. I have created a minimal user and configured chroot for the SFTP server but I can't work out how ...
- 1,643
6
votes
2
answers
6k
views
Best Ubuntu setup for 32-bit *AND* 64-bit Qt app development?
I'm developing a qt-based application and i would like to develop both 32 and 64bit version of the application on the same machine, sharing the same sources, scripts, etc..
The machine is an Ubuntu ...
- 3,429
6
votes
1
answer
3k
views
How does chroot affect dynamic linking?
Here's the scenario I'm having:
I've created a debootstrap ubuntu maverick (64-bit) environment. I placed it at /env/mav/ on my ubuntu (64-bit) lucid system. I can chroot into /env/mav and can ...
- 3,606
6
votes
1
answer
3k
views
How unshare makes possible to use chroot without real root?
chroot needs CAP_SYS_CHROOT according to the manual. The unshare command uses chroot.
The command unshare -UrR newroot/ will work without being run as root, which makes sense since the -r flag makes ...
- 1,019
6
votes
1
answer
2k
views
How to use BPF to filter kernel function arguments?
How to use the Berkeley Packet Filter (BPF) to filter function arguments in kernel? The function should be any non-inline functions, rather than only system calls. Also, it is better that the pointers ...
- 970
6
votes
1
answer
6k
views
Override libc functions called from another libc function with LD_PRELOAD
I've a project aiming to run php-cgi chrooted for mass virtual hosting (more than 10k virtual host), with each virtual host having their own chroot, under Ubuntu Lucid x86_64.
I would like to avoid ...
- 241
5
votes
6
answers
7k
views
fork/chroot equivalent for Windows server application
I have written a small custom web server application in C running on Linux. When the application receives a request it calls fork() and handles the request in a separate process, which is chrooted ...
- 20.1k
5
votes
2
answers
13k
views
What Jail/Chroot/Sandbox-like mechanisms are available on OpenBSD? [closed]
I have recently started using OpenBSD. And I want to create easy fire-and-forget containers/VM or something es (it should be used as a Sandbox).
The user can upload his source code (C++/Java/Perl), ...
- 1,335
5
votes
5
answers
2k
views
On Linux do people chroot a Java Web Application or use IPTables and run as non-root?
When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as:
As root in hopefully a ...
- 48.4k
5
votes
3
answers
12k
views
AttributeError: module 'os' has no attribute 'chroot'
Below is my very basic code running in spyder & python is choking, what am I doing wrong?
import csv,os,sys
path = os.getcwd()
print (path)
os.chroot(path)
I get following error message:
os....
- 59
5
votes
2
answers
636
views
Is it possible to run users' jobs in chroot environment using Slurm
I'm using Slurm. I want users only to access their own /home/ directory (or directory that they executed their job), ubuntu packages that is installed by the sudo user, and binary files user /bin, ...
- 3,208
5
votes
1
answer
5k
views
How to allow chroot-ed user both SSH and SFTP access [closed]
I currently know how to allow a user either SSH or sFTP by editing:
/etc/ssh/sshd_config
This lets the user login with SSH but not SFTP:
Subsystem sftp /usr/lib/openssh/sftp-server
Match group ...
- 488
5
votes
0
answers
270
views
How to create chroot environment in sles 12?
I am trying to create a chroot environment in sles 12. Is there any tool available which can automate the task for me, like we have mock for Fedora?
TIA
- 3,453
4
votes
5
answers
3k
views
How to exit a chroot inside a perl script?
While writing a perl script intended to fully automate the setup of virtual machines (Xen pv) I hit a small maybe very simple problem.
Using perl's chroot function I do my things on the guest file ...
- 929
4
votes
4
answers
2k
views
How to (legitimately) access files after putting self into chrooted sandbox?
Changing a Linux C++ program which gives the user limited file access. Thus the program chroots itself to a sandbox with the files the user can get at. All worked well.
Now, however, the program ...
- 2,698
4
votes
2
answers
2k
views
How to build to chroot using Eclipse CDT?
I've got a chroot environment with everything needed for building a complex C++ project, using make (it's for a specific Linux distribution).
I would like to use Eclipse CDT (outside the chroot ...
- 2,712
4
votes
3
answers
8k
views
Access Google Drive locally on Chromebook via Crouton
I am using a Samsung Chromebook with the Crouton chroot environment (https://github.com/dnschneid/crouton). This has revolutionized my view of how practical a Chromebook can be for developer-type ...
- 1,190
4
votes
1
answer
3k
views
Why use Pythons 'virtualenv' on Linux when one has 'chroot' (and union/overlay filesystems)?
First of all let me state that I am a proponent of generic software (in general ;-). I am no expert on Python, but it seems that the 'virtualenv' utility solves pretty much the same problem 'chroot' ...
- 8,856
4
votes
1
answer
2k
views
Configuring devices in chroot-environment OpenBSD
I have been scratching my head for a while now and cannot find a way to make it work...
I want to run some cgi scripts (written in Python) on my OpenBSD server. Since the web-server on OpenBSD runs ...
- 858
4
votes
2
answers
1k
views
chroot alternative for threads
I know that you can't technically chroot a thread, but I'm looking for functional alternatives that would limit the amount of permissions to an existing set of tasks within a thread.
Edit: This is ...
- 1,815
4
votes
2
answers
3k
views
Python error when runs in chroot
I try to run some Python programs in chroot and I get the following error
Could not find platform independent libraries <prefix>
Could not find platform dependent libraries <exec_prefix>
...
- 6,541
4
votes
2
answers
943
views
C : system() call inside chroot
I have a program written in C, which runs chrooted, inside a jail, that makes some system calls e.g system ( "ls" ). The problem is that the program does not execute the system calls when I run it ...
- 6,541
4
votes
1
answer
231
views
What is needed to run a Haskell program in a jailed environment
I want to run a simple Haskell program from a jailed environment that I construct myself. The following Haskell program I want to run:
import System.IO
main = do
hPutStrLn stderr "test standard ...
- 73
4
votes
1
answer
224
views
Detect program launch in another thread on linux [closed]
I am trying to sandbox ELF binaries by (among other things) chrooting them after they have been launched. To do so, a child process cloned with the CLONE_FS tag performs a chroot, while the parent ...
- 267