schroot(1)
NAME
schroot - securely enter a chroot environment
SYNOPSIS
schroot [-h|--help | -V|--version | -l|--list | -i|--info | --config | --location | --automatic-session | -b|--begin-session | --recover-session | -r|--run-session | -e|--end-session] [-f|--force] [-n session-name|--session-name=session-name] [-d directory|--directory=directory] [-u user|--user=user] [-p|--preserve-environment] [-s shell|--shell=shell] [-q|--quiet | -v|--verbose] [-c chroot|--chroot=chroot | [--all | --all-chroots | --all-source-chroots | --all-sessions] [--exclude-aliases]] [-o|--option=key=value] [--] [COMMAND [ ARG1 [ ARG2 [ ARGn]]]]
DESCRIPTION
schroot allows the user to run a command or a login shell in a chroot environment. If no command is specified, a login shell will be started in the user's current working directory inside the chroot. The command is a program, plus as many optional arguments as required. Each argument may be separately quoted. The directory the command or login shell is run in depends upon the context. See --directory option below for a complete description. All chroot usage will be logged in the system logs. Under some circumstances, the user may be required to authenticate themselves; see the section "Authentication", below. If no chroot is specified, the chroot name or alias 'default' will be used as a fallback. This is equivalent to "--chroot=default".
OVERVIEW
There is often a need to run programs in a virtualised environment
rather than on the host system directly. Unlike other virtualisation
systems such as kvm or Xen, schroot does not virtualise the entire
system; it only virtualises the filesystem, and some parts of the
filesystem may still be shared with the host. It is therefore fast,
lightweight and flexible. However, it does not virtualise other
aspects of the system, such as shared memory, networking, devices etc.,
and so may be less secure than other systems, depending upon its
intended use. Some examples of existing uses for schroot include:
* Running an untrusted program in a sandbox, so that it can't
interfere with files on the host system; this may also be used
to limit the damage a compromised service can inflict upon the
host
* Using a defined or clean environment, to guarantee the
reproducibility and integrity of a given task
* Using different versions of an operating system, or even
different operating systems altogether, e.g. different GNU/Linux
distributions
* Running 32-bit programs using a 32-bit chroot on a 64-bit host
system
* Automatic building of Debian packages using sbuild(1), which
builds each package in a pristine chroot snapshot when using LVM
snapshots or unions
* Supporting multiple system images in a cluster setup, where
modifying the base image is time-consuming and/or supporting all
the required configurations needed by users is difficult:
different chroots can support all the different configurations
required, and cluster users may be given access to the chroots
they need (which can include root access for trusted users to
maintain their own images)
A chroot may be used directly as root by running chroot(8), but normal
users are not able to use this command. schroot allows access to
chroots for normal users using the same mechanism, but with several
additional features. While schroot uses a directory as a chroot just
like chroot(8), it does not require this to be a regular directory in
the filesystem. While this is the default, the chroot can also be
created from a file, a filesystem, including LVM and Btrfs snapshots
and loopback mounts, or composed of a unionfs overlay. Being user-
extensible, the scope for creating chroots from different sources is
limited only by your imagination. schroot performs permissions
checking and allows additional automated setup of the chroot
environment, such as mounting additional filesystems and other
configuration tasks. This automated setup is done through the action
of setup scripts which may be customised and extended to perform any
actions required. Typical actions include mounting the user's home
directory, setting up networking and system databases, and even
starting up services. These are again entirely customisable by the
admin. The setup scripts are run for all types of chroot, with the
exception of the 'plain' type, the simplest chroot type, offering no
automated setup features at all. The configuration of schroot is
covered in more detail in schroot.conf(5).
OPTIONS
schroot accepts the following options:
Actions
-h, --help
Show help summary.
-V, --version
Print version information.
-l, --list
List all available chroots.
-i, --info
Print detailed information about the specified chroots.
--config
Print configuration of the specified chroots. This is useful
for testing that the configuration in use is the same as the
configuration file. Any comments in the original file will be
missing.
--location
Print location (path) of the specified chroots. Note that
chroot types which can only be used within a session will not
have a location until they are active.
General options
-q, --quiet
Print only essential messages.
-v, --verbose
Print all messages.
Chroot selection
-c, --chroot=chroot
Specify a chroot or active session to use. This option may be
used multiple times to specify more than one chroot, in which
case its effect is similar to --all. The chroot name may be
prefixed with a namespace; see the section "Chroot Namespaces",
below.
-a, --all
Select all chroots, source chroots and active sessions. When a
command has been specified, the command will be run in all
chroots, source chroots and active sessions. If --info has been
used, display information about all chroots. This option does
not make sense to use with a login shell (run when no command
has been specified). This option is equivalent to
"--all-chroots --all-source-chroots --all-sessions".
--all-chroots
Select all chroots. Identical to --all, except that source
chroots and active sessions are not considered.
--all-sessions
Select all active sessions. Identical to --all, except that
chroots and source chroots are not considered.
--all-source-chroots
Select all source chroots. Identical to --all, except that
chroots and sessions are not considered.
--exclude-aliases
Do not select aliases in addition to chroots. This ensures that
only real chroots are selected, and are only listed once.
Chroot environment
-d, --directory=directory
Change to directory inside the chroot before running the command
or login shell. If directory is not available, schroot will
exit with an error status.
The default behaviour is as follows (all directory paths are
inside the chroot). A login shell is run in the current working
directory. If this is not available, it will try $HOME (when
--preserve-environment is used), then the user's home directory,
and / inside the chroot in turn. A command is always run in the
current working directory inside the chroot. If none of the
directories are available, schroot will exit with an error
status.
-u, --user=user
Run as a different user. The default is to run as the current
user. If required, the user may be required to authenticate
themselves with a password. For further information, see the
section "Authentication", below.
-p, --preserve-environment
Preserve the user's environment inside the chroot environment.
The default is to use a clean environment; this option copies
the entire user environment and sets it in the session. The
environment variables allowed are subject to certain
restrictions; see the section "Environment", below.
-s, --shell=shell
Use shell as the login shell. When running a login shell a
number of potential shells will be considered, in this order:
the command in the SHELL environment variable (if
--preserve-environment is used, or preserve-environment is
enabled), the user's shell in the 'passwd' database, /bin/bash
and finally /bin/sh. This option overrides this list, and will
use the shell specified. This option also overrides the shell
configuration key, if set.
-o, --option=key=value
Set an option. The value of selected configuration keys in
schroot.conf may be modified using this option. The key must be
present in the user-modifiable-keys configuration key in
schroot.conf, or additionally the user-modifiable-keys key if
running as (or switching to) the root user. The key and value
set here will be set in the environment of the setup scripts,
and may hence be used to customise the chroot on a per-session
basis.
Session actions
--automatic-session
Begin, run and end a session automatically. This is the default
action, so does not require specifying in normal operation.
-b, --begin-session
Begin a session. A unique session identifier (session ID) is
returned on standard output. The session ID is required to use
the other session options. Note that the session identifier may
be specified with the --session-name option.
--recover-session
Recover an existing session. If an existing session has become
unavailable, for example becoming unmounted due to a reboot,
this option will make the session available for use again, for
example by remounting it. The session ID is specified with the
--chroot option.
-r, --run-session
Run an existing session. The session ID is specified with the
--chroot option.
-e, --end-session
End an existing session. The session ID is specified with the
--chroot option.
Session options
-n, --session-name=session-name
Name a session. The specified session-name replaces the default
session name containing an automatically-generated session ID.
The session name must not contain a namespace qualifier, since
sessions are always created within the 'session:' namespace.
The session name is also subject to the chroot naming
restrictions documented in schroot.conf(5).
-f, --force
Force a session operation, even if it would otherwise fail.
This may be used to forcibly end a session, even if it has
active users. This does not guarantee that the session will be
ended cleanly; filesystems may not be unmounted, for example.
Separator
-- End of options. Used to indicate the end of the schroot
options; any following options will be passed to the command
being run, rather than to schroot.
AUTHENTICATION
If the user is not an allowed user, or a member of the allowed groups (or if changing to root, the allowed root users or allowed root groups) for the specified chroot(s), permission will be immediately denied. If switching users, and the user running the command has access, the user will be required to authenticate themselves using the credentials of the user being switched to. On systems supporting Pluggable Authentication Modules (PAM), schroot will use PAM for authentication and authorisation of users. If and when required, schroot will prompt for a password. If PAM is not available, all authentication will automatically fail (user switching is not supported without PAM). Note that when PAM is in use, the root user is not granted any special privileges by default in the program. However, the default PAM configuration permits root to log in without a password (pam_rootok.so), but this may be disabled to prevent root from accessing any chroots except if specifically permitted. In such a situation, root must be added to the allowed users or groups as for any other user or group. If PAM is not available, the root user will be permitted to access all chroots, even when not explicitly granted access.
CHROOT NAMESPACES
Namespace basics There are three different types of chroot: regular chroots, source chroots and session chroots. These different types of chroot are separated into different namespaces. A namespace is a prefix to a chroot name. Currently there are three namespaces: 'chroot:', 'source:' and 'session:'. Use --list --all to list all available chroots in all namespaces. Because ':' is used as the separator between namespace and chroot names, it is not permitted to use this character in chroot names. Depending upon the action you request schroot to take, it may look for the chroot in one of the three namespaces, or a particular namespace may be specified. For example, a chroot named "sid" is actually named "chroot:sid" if the namespace is included, but the namespace may be omitted for most actions. Source chroots Some chroot types, for example LVM snapshots and Btrfs snapshots, provide session-managed copy-on-write snapshots of the chroot. These also provide a source chroot to allow easy access to the filesystem used as a source for snapshotting. These are regular chroots as well, just with the snapshotting disabled. For a chroot named "sid-snapshot" (i.e. with a fully qualified name of "chroot:sid-snapshot"), there will also be a corresponding source chroot named "source:sid-snapshot". Earlier versions of schroot provided source chroots with a '-source' suffix. These are also provided for compatibility. In this example, this would be called "chroot:sid-snapshot-source". These compatibility names will be dropped in a future version, so programs and scripts should switch to using the namespace-qualified names rather than the old suffix. Session chroots All sessions created with --begin-session are placed within the 'session:' namespace. A session named with --session-name may have any name, even the same name as the chroot it was created from, providing that it is unique within this namespace. This was not permitted in previous versions of schroot which did not have namespaces. Actions and default namespaces All actions use 'chroot:' as the default namespace, with some session actions being the exception. --run-session, --recover-session and --end-session use 'session:' as the default namespace instead, since these actions work on session chroots. The upshot is that the namespace is usually never required except when you need to work with a chroot in a namespace other than the default, such as when using a source chroot. To make chroot selection unambiguous, it is always possible to use the full name including the namespace, even when not strictly required.
PERFORMANCE
Performance on some filesystems, for example Btrfs, is bad when running dpkg due to the amount of fsync operations performed. This may be mitigated by installing the eatmydata package and then adding eatmydata to the command-prefix configuration key, which disables all fsync operations. Note that this should only be done in snapshot chroots where data loss is not an issue. This is useful when using a chroot for package building, for example.
DIRECTORY FALLBACKS
schroot will select an appropriate directory to use within the chroot
based upon whether an interactive login shell will be used, or a
command invoked, and additionally if the --directory option is used.
In the case of running commands directly, or explicitly specifying a
directory, only one directory will be used for safety and consistency,
while for a login shell several possibilities may be tried. The
following subsections list the fallback sequence for each case. CWD is
the current working directory, DIR is the directory specified with
--directory.
Login shell
Transition
(Host Chroot) Comment
CWD CWD Normal behaviour (if --directory is not
used)
CWD $HOME If CWD is nonexistent and
--preserve-environment is used
CWD passwd pw_dir If CWD is nonexistent (or
--preserve-environment is used and no
$HOME exists)
CWD / None of the above exist
FAIL If / is nonexistent
Command
Transition
(Host Chroot) Comment
CWD CWD Normal behaviour (if --directory is not
used)
FAIL If CWD is nonexistent
No fallbacks should exist under any circumstances.
--directory used
Transition
(Host Chroot) Comment
CWD DIR Normal behaviour
FAIL If DIR is nonexistent
No fallbacks should exist under any circumstances.
Debugging
Note that --debug=notice will show the internal fallback list computed
for the session.
EXAMPLES
List available chroots
% schroot -l
chroot:default
chroot:etch
chroot:sid
chroot:testing
chroot:unstable
Get information about a chroot
% schroot -i -c sid
--------- Chroot ---------
Name sid
Description Debian sid (unstable)
Type plain
Priority 3
Users rleigh
Groups sbuild
Root Users
Root Groups sbuild
Aliases unstable unstable-sbuild unstable-p
owerpc-sbuild
Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
RMPATH)$
Run Setup Scripts true
Script Configuration script-defaults
Session Managed true
Personality linux32
Location /srv/chroot/sid
Use --all or -c multiple times to use all or multiple chroots,
respectively.
Running commands in a chroot
% schroot -c sid /bin/ls
[sid chroot] Running command: "/bin/ls"
CVS sbuild-chroot.c sbuild-session.h schroot.conf.5
Makefile sbuild-chroot.h schroot.1 schroot.conf.5.in
Makefile.am sbuild-config.c schroot.1.in
Makefile.in sbuild-config.h schroot.c
pam sbuild-session.c schroot.conf
% schroot -c sid -- ls -1 | head -n 5
[sid chroot] Running command: "ls -1"
ABOUT-NLS
AUTHORS
COPYING
ChangeLog
INSTALL
Use -- to allow options beginning with '-' or '--' in the command to
run in the chroot. This prevents them being interpreted as options for
schroot itself. Note that the top line was echoed to standard error,
and the remaining lines to standard output. This is intentional, so
that program output from commands run in the chroot may be piped and
redirected as required; the data will be the same as if the command was
run directly on the host system.
Switching users
% schroot -c sid -u root
Password:
[sid chroot] (rleighroot) Running login shell: "/bin/bash"
#
If the user 'rleigh' was in root-users in /etc/schroot/schroot.conf, or
one of the groups he belonged to was in root-groups, they would be
granted root access without authentication, but the PAM authorisation
step is still applied.
Sessions
A chroot may be needed to run more than one command. In particular,
where the chroot is created on the fly from an LVM LV or a file on
disc, there is a need to make the chroot persistent while a given task
(or set of tasks) is performed. Sessions exist for this purpose. For
simple chroot types such as 'plain' and 'directory', sessions may be
created but are not strictly necessary.
Let's start by looking at a session-capable chroot:
% schroot -i -c sid-snap
--------- Chroot ---------
Name sid-snap
Description Debian sid snapshot
Type lvm-snapshot
Priority 3
Users maks rleigh
Groups sbuild
Root Users
Root Groups root sbuild
Aliases
Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
RMPATH)$
Run Setup Scripts true
Script Configuration script-defaults
Session Managed true
Personality linux
Device /dev/hda_vg/sid_chroot
Mount Options -o atime,async,user_xattr
Source Users
Source Groups root rleigh
Source Root Users
Source Root Groups root rleigh
LVM Snapshot Options --size 2G -c 128
Note that the Session Managed option is set to 'true'. This is a
requirement in order to use session management, and is supported by
most chroot types. Next, we will create a new session:
% schroot -b -c sid-snap
sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
The session ID of the newly-created session is returned on standard
output. It is common to store it like this:
% SESSION=$(schroot -b -c sid-snap)
% echo $SESSION
sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
The session may be used just like any normal chroot. This is what the
session looks like:
% schroot -i -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
--------- Session ---------
Name sid-snap-46195b04-0893-49bf-beb8-0d\
4ccc899f0f
Description Debian sid snapshot
Type lvm-snapshot
Priority 3
Users maks rleigh
Groups sbuild
Root Users
Root Groups root sbuild
Aliases
Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
RMPATH)$
Run Setup Scripts true
Script Configuration script-defaults
Session Managed true
Personality linux
Mount Location /var/lib/schroot/mount/sid-snap-461\
95b04-0893-49bf-beb8-0d4ccc899f0f
Path /var/lib/schroot/mount/sid-snap-461\
95b04-0893-49bf-beb8-0d4ccc899f0f
Mount Device /dev/hda_vg/sid-snap-46195b04-0893-\
49bf-beb8-0d4ccc899f0f
Device /dev/hda_vg/sid_chroot
Mount Options -o atime,async,user_xattr
Source Users
Source Groups root rleigh
Source Root Users
Source Root Groups root rleigh
LVM Snapshot Device /dev/hda_vg/sid-snap-46195b04-0893-\
49bf-beb8-0d4ccc899f0f
LVM Snapshot Options --size 2G -c 128
Now the session has been created, commands may be run in it:
% schroot -r -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f -- \
uname -sr
I: [sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f chroot] Running \
command: "uname -sr"
Linux 2.6.18-3-powerpc
% schroot -r -c $SESSION -- uname -sr
I: [sid-snap-fe170af9-d9be-4800-b1bd-de275858b938 chroot] Running \
command: "uname -sr"
Linux 2.6.18-3-powerpc
When all the commands to run in the session have been performed, the
session may be ended:
% schroot -e -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
% schroot -e -c $SESSION
Finally, the session names can be long and unwieldy. A name may be
specified instead of using the automatically generated session ID:
% schroot -b -c sid-snap -n my-session-name
my-session-name
TROUBLESHOOTING
If something is not working, and it's not clear from the error messages what is wrong, try using the --debug=level option to turn on debugging messages. This gives a great deal more information. Valid debug levels are 'none', and 'notice', 'info', 'warning' and 'critical' in order of increasing severity. The lower the severity level, the more output. If you are still having trouble, the developers may be contacted on the mailing list: Debian buildd-tools Developers <[email protected]>
BUGS
On the mips and mipsel architectures, Linux kernels up to and including at least version 2.6.17 have broken personality(2) support, which results in a failure to set the personality. This will be seen as an "Operation not permitted" (EPERM) error. To work around this problem, set personality to 'undefined', or upgrade to a more recent kernel.
ENVIRONMENT
By default, the environment is not preserved, and the following environment variables are defined: HOME, LOGNAME, PATH, SHELL, TERM (preserved if already defined), and USER. The environment variables SCHROOT_COMMAND, SCHROOT_USER, SCHROOT_GROUP, SCHROOT_UID and SCHROOT_GID are set inside the chroot specifying the command being run, the user name, group name, user ID and group ID, respectively. Additionally, the environment variables SCHROOT_SESSION_ID, SCHROOT_CHROOT_NAME and SCHROOT_ALIAS_NAME specify the session ID, the original chroot name prior to session creation, and the alias used to originally identify the selected chroot, respectively. The following, potentially dangerous, environment variables are removed for safety by default: BASH_ENV, CDPATH, ENV, HOSTALIASES, IFS, KRB5_CONFIG, KRBCONFDIR, KRBTKFILE, KRB_CONF, LD_.*, LOCALDOMAIN, NLSPATH, PATH_LOCALE, RES_OPTIONS, TERMINFO, TERMINFO_DIRS, and TERMPATH. If desired, the environment-filter configuration key will allow the exclusion list to the modified; see schroot.conf(5) for further details.
FILES
Configuration files
/etc/schroot/schroot.conf
The system-wide chroot definition file. This file must be owned
by the root user, and not be writable by other.
/etc/schroot/chroot.d
Additional chroot definitions may be placed in files under this
directory. They are treated in exactly that same manner as
/etc/schroot/schroot.conf. Each file may contain one or more
chroot definitions. Note that the files in this directory
follow the same naming rules as run-parts(8) when run with the
--lsbsysinit option.
/etc/schroot/setup.d
The system-wide chroot setup script directories. See schroot-
setup(5).
/etc/pam.d/schroot
PAM configuration.
System directories
/usr/lib/x86_64-linux-gnu/schroot
Directory containing helper programs used by setup scripts.
Session directories
Each directory contains a directory or file with the name of each
session. Not all chroot types make use of all the following
directories.
/var/lib/schroot/session
Directory containing the session configuration for each active
session.
/var/run/schroot/mount
Directory used to mount the filesystems used by each active
session.
/var/lib/schroot/union/underlay
Directory used for filesystem union source (underlay).
/var/lib/schroot/union/overlay
Directory used for filesystem union writeable overlay.
/var/lib/schroot/unpack
Directory used for unpacking file chroots.
AUTHORS
Roger Leigh.
COPYRIGHT
Copyright 2005-2012 Roger Leigh <[email protected]> schroot is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
SEE ALSO
dchroot(1), sbuild(1), chroot(2), run-parts(8), schroot-setup(5), schroot-faq(7), schroot.conf(5).
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
