Re: chroot add option to mount /dev /proc /sys for you?
Marc Weber wrote:
> So the question would turn into: would it make sense to create a new tool
> which (optionally cleans up) like this:
>
> with-mounts sys,proc,dev -- chroot ...
>
> There might be many use cases.
>
> I think there is interest. But I'm unsure where the place to put such a
> script would be. I hit this problem multiple times.

Are you aware of 'schroot'? It already does everything I think you are
wanting to do.

https://gitlab.com/codelibre/schroot
https://packages.debian.org/sid/schroot

It's very fancy. It mostly replaces the older 'dchroot' which is yet
another utility in this topic space.

https://packages.debian.org/sid/dchroot

Bob
Re: chroot add option to mount /dev /proc /sys for you?
Hi Bernhard Voelker,

Thinking about it again you might be right.
So the question would turn into: would it make sense to create a new tool
which (optionally cleans up) like this:

with-mounts sys,proc,dev -- chroot ...

There might be many use cases.

I think there is interest. But I'm unsure where the place to put such a
script would be. I hit this problem multiple times.

Marc Weber
Re: chroot add option to mount /dev /proc /sys for you?
Hello Marc,

On 17/04/18 12:23 AM, Bernhard Voelker wrote:
> On 04/15/2018 12:46 AM, Marc Weber wrote:
>> chrooting has always been a mess for me because in order for software to
>> work you need to bind mount /dev /proc /sys usually.
>> Then when something crashes or you quit chroot -> a mess again.
>
> This was already discussed at:
> https://lists.gnu.org/r/coreutils/2017-09/msg00013.html

In addition to the suggestion from the above thread (use a script),
since you are already using linux-specific commands you might want to
consider using unshare(1) from util-linux which will create a separate
mount-namespace.

Example, if you have the chroot directories:

    /tmp/chroot/bin
    /tmp/chroot/proc
    /tmp/chroot/sys
    /tmp/chroot/dev

And have the minimal shell static binary:

    /tmp/chroot/bin/sh

You could do the following:

    sudo unshare --mount \
      sh -c "mount -t proc none /tmp/chroot/proc ; \
             mount -t sysfs none /tmp/chroot/sys ; \
             mount -o bind /dev /tmp/chroot/dev ; \
             exec chroot /tmp/chroot /bin/sh"

First, these mounts will not appear on your main system.
Second, these mounts will disappear once /bin/sh terminates.

---

For even more advanced/complicated sandboxing solutions, programs like
BubbleWrap ( https://github.com/projectatomic/bubblewrap ) take full
advantage of linux namespaces (~containers) and allow you to easily
specify many types of mounts and isolations.

Hope this helps,
- Assaf
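A with-mounts wrapper of the kind Marc proposes, built on the unshare --mount technique in Assaf's reply. This is an added example, not code from the thread, from coreutils or from util-linux; the script name, the argument layout (MOUNTS ROOT [--] CMD...) and the /tmp/chroot paths are assumptions.

```shell
#!/bin/sh
# with-mounts: run a command (typically chroot) inside a private mount
# namespace, after mounting proc/sys/dev under the chroot root.
# The mounts exist only in that namespace: they never show up on the host
# and vanish when the command exits, so no cleanup step is needed.
# Usage: with-mounts sys,proc,dev /tmp/chroot -- chroot /tmp/chroot /bin/sh
set -eu

# Print the mount commands for the comma-separated list MOUNTS under ROOT.
# Pure function: it mounts nothing, so the plan can be inspected before use.
build_mount_cmd() {
    mounts=$1; root=$2
    # --make-rprivate keeps the new mounts from propagating back to the host
    # on older util-linux, where 'unshare --mount' alone did not guarantee it.
    cmd='mount --make-rprivate /'
    for m in $(printf '%s' "$mounts" | tr ',' ' '); do
        case $m in
            proc) cmd="$cmd && mount -t proc none '$root/proc'" ;;
            sys)  cmd="$cmd && mount -t sysfs none '$root/sys'" ;;
            # Bind-mounting /dev exposes every host device node to the chroot.
            dev)  cmd="$cmd && mount -o bind /dev '$root/dev'" ;;
            *)    echo "with-mounts: unknown mount '$m'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$cmd"
}

# with_mounts MOUNTS ROOT [--] CMD...   (needs root / CAP_SYS_ADMIN)
with_mounts() {
    mounts=$1; root=$2; shift 2
    if [ "${1-}" = -- ]; then shift; fi
    [ -d "$root" ] || { echo "with-mounts: no such directory: $root" >&2; return 1; }
    snippet=$(build_mount_cmd "$mounts" "$root")
    # The command words are handed to the inner sh as positional parameters,
    # so they are never re-parsed by a shell and need no extra quoting.
    unshare --mount sh -c "$snippet && exec \"\$@\"" with-mounts "$@"
}

# Only act when invoked with arguments, so the file can also be sourced.
if [ $# -ge 3 ]; then with_mounts "$@"; fi
```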
Re: chroot add option to mount /dev /proc /sys for you?
On 04/15/2018 12:46 AM, Marc Weber wrote:
> chrooting has always been a mess for me because in order for software to
> work you need to bind mount /dev /proc /sys usually.
> Then when something crashes or you quit chroot -> a mess again.
>
> So why not add a chroot --bind-mount-defaults option which keeps track of
> how many chroots are running and makes the last exiting process clean up?
>
> Then chrooting would be easier going.
>
> Would this option make sense?

This was already discussed at:
https://lists.gnu.org/r/coreutils/2017-09/msg00013.html

This is too system-specific to be added to chroot(1) which is merely a
wrapper around the chroot system call.

Have a nice day,
Berny
chroot add option to mount /dev /proc /sys for you?
chrooting has always been a mess for me because in order for software to
work you need to bind mount /dev /proc /sys usually.
Then when something crashes or you quit chroot -> a mess again.

So why not add a chroot --bind-mount-defaults option which keeps track of
how many chroots are running and makes the last exiting process clean up?

Then chrooting would be easier going.

Would this option make sense?

Marc Weber