DEBIAN – UBUNTU : HOW TO BUILD MOST MINIMAL CHROOT
###################################################
Skip ahead to #3 for the minimal chroot if you don't need the background before it.
INFO FROM: http://sagar.se/an-absolutely-minimal-chroot.html AND http://www.thegeekstuff.com/2010/01/debootstrap-minimal-debian-ubuntu-installation/ AND a few other sites
For whatever reason you need a chroot. There are 3 ways to do it.
#1 CHROOT BY APPLICATION
Maybe your app can do it, so you don't need to do it yourself
#2 DEBOOTSTRAP CHROOT
Run debootstrap; however, it installs way too much stuff
# mkdir /mychroot/
Syntax for debootstrap:
# debootstrap --arch $ARCH $RELEASE $DIR $MIRROR
$ARCH is whatever architecture you’re using (i386, amd64, sparc, etc.),
$RELEASE is the Ubuntu release you want to use such as edgy, gutsy, or hardy,
$DIR is the directory that you’ll be bootstrapping to and
$MIRROR should be http://archive.ubuntu.com/ubuntu.
Use a different $MIRROR and different $RELEASE if you’re bootstrapping a Debian system.
Based on the above syntax, following is a debootstrap example:
# debootstrap wheezy /empty/directory http://ftp.us.debian.org/debian
# debootstrap --arch i386 gutsy /mnt/min_buntu http://archive.ubuntu.com/ubuntu
And now you're free to configure everything
# chroot /mychroot
# mount -t proc proc /proc
# mount -t sysfs sysfs /sys
#3 MOST MINIMAL CHROOT POSSIBLE
Set up a very minimal chroot where the chrooted user cannot do anything besides the select bash commands. All we need to do is copy bash into the chroot “bin” folder (we will make it) and put the correct libraries in lib.
First see where your bash is (it should ALWAYS be /bin/bash, but I don't know, maybe it's different on your OS)
# which bash
/bin/bash
See what dependencies/modules you need to copy:
# ldd /bin/bash
	linux-vdso.so.1 => (0x00007fffe61fe000)
	libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f73b068a000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f73b0486000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f73b00bf000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f73b08bd000)
We are going to ignore the first module, linux-vdso.so.1, as it's a virtual kernel object.
So we need to copy the following 4 files:
/lib/x86_64-linux-gnu/libtinfo.so.5
/lib/x86_64-linux-gnu/libdl.so.2
/lib/x86_64-linux-gnu/libc.so.6
/lib64/ld-linux-x86-64.so.2
Let's begin by building out the chroot directory structure
# mkdir /mychroot
# mkdir /mychroot/bin
# mkdir /mychroot/lib
# mkdir /mychroot/lib64
OR in one command: “mkdir -p /mychroot/{bin,lib,lib64}” or “mkdir -p /mychroot/bin /mychroot/lib /mychroot/lib64”
Note: if the ldd output on your system didn't show any “lib64” path, then don't make a “lib64” folder in /mychroot; just make the “lib” folder. Likewise (and I doubt any system out there does this), if you only see “lib64” paths, then you don't need a “lib” folder in /mychroot; just make “lib64”.
Notice that on my system, outside the chroot, lib has a subfolder “x86_64-linux-gnu” (/lib/x86_64-linux-gnu), and the first 3 modules we need are there. In reality there are a lot more files and folders there than just those; we only need these few to get the chroot working. Well, guess what? We don't need that subfolder. In the chroot we just need “lib” and “lib64” (and also “bin” for bash).
Notice also that the last file goes in lib64; this might be different on your system
Start copying
# cp /bin/bash /mychroot/bin
# cp /lib/x86_64-linux-gnu/libtinfo.so.5 /mychroot/lib
# cp /lib/x86_64-linux-gnu/libdl.so.2 /mychroot/lib
# cp /lib/x86_64-linux-gnu/libc.so.6 /mychroot/lib
# cp /lib64/ld-linux-x86-64.so.2 /mychroot/lib64
Finally you can chroot:
# chroot /mychroot
Or
# chroot /mychroot bash
Or
# chroot /mychroot /bin/bash
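The steps in #3 as a script, added here as an example (it is not from the original page or its sources). It works for any dynamically linked binary and, unlike the manual steps, keeps each library at its original path under the chroot (for example /mychroot/lib/x86_64-linux-gnu) instead of flattening everything into lib. The function names ldd_paths and populate_chroot are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): fill a chroot with one binary
# and the libraries ldd lists for it. Function names are hypothetical.

# Read ldd-style output on stdin, print the library paths that exist on disk.
ldd_paths() {
    awk '
        /linux-vdso|linux-gate/   { next }             # virtual object, no file to copy
        $2 == "=>" && $3 ~ /^\//  { print $3; next }   # libc.so.6 => /lib/.../libc.so.6 (0x..)
        $1 ~ /^\//                { print $1 }         # /lib64/ld-linux-x86-64.so.2 (0x..)
    '
}

# populate_chroot /abs/path/to/binary /path/to/chroot
# Runs in a subshell "( )" so its variables and exits do not leak to the caller.
# ldd may execute code from the binary it inspects, so use it on trusted binaries only.
populate_chroot() (
    bin=$1 root=$2
    case $bin in /*) ;; *) echo "need an absolute path: $bin" >&2; exit 1 ;; esac
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; exit 1; }
    out=$(ldd "$bin") || exit 1
    case $out in
        *"not found"*) echo "unresolved library for $bin" >&2; exit 1 ;;
    esac
    { echo "$bin"; printf '%s\n' "$out" | ldd_paths; } | while read -r f; do
        # Recreate the host path under the chroot; -L copies the file a symlink points to.
        mkdir -p "$root$(dirname "$f")" && cp -L "$f" "$root$f" || exit 1
    done
)

# Usage (as root for the chroot step):
#   populate_chroot /bin/bash /mychroot && chroot /mychroot /bin/bash
```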