schroot - chroot for any users

Posted by amadeu on Tue 27 Nov 2007 at 15:06

Tags: , , , , , , ,
From manpages: schroot allows the user to run a command or a login shell in a chroot environment. If no command is specified, a login shell will be started in the user current working directory inside the chroot.

I've been trying some virtual machines solutions to execute some programs 32bits in my machine. But it's take very time, start a xen VM or virtualbox. Often this solutions needs some maintain additional costs to setup a X server to run any X-based program.

My initial motivation was that wengophone wasn't in Debian lenny for amd64 until some days ago. Thus I did want to run a x-based program in a single chroot as normal user.

The schroot makes a chroot's use easy! Very easy for end users.

  1. install into your original installation: 
     # aptitude install schroot
  2. configure the /etc/schroot/schroot.conf like: 
    [sid]
description=Debian sid (unstable)
type=directory
location=/srv/chroot/sid
priority=3
users=YOUR_USER
groups=SOME_GROUP_LIKE_users
root-groups=YOUR_ADMIN_USER
run-setup-scripts=true
run-exec-scripts=true
  3. creating a chroot: 
     # debootstrap --arch i386 sid /srv/chroot/sid http://ftp.br.debian.org/debian
  4. installing 32bit programs in the chroot:
     # schroot -c sid -p aptitude install wengophone
  5. to run X programs make sure that your X session accept it and execute the schroot:
    $ xhost +
$ schroot -c sid -p wengophone
  6. there is a more safer way to run X programs like comments below and a example of wengophone_wrapper script
  7. it isn't need mount /proc on fstab or other because run-setup-scripts and run-exec-scripts take care of this, but you should look the /etc/schroot/mount-defaults to set your specific directories
Shortcuts:
  1. create a wrapper script /usr/local/bin/wengophone_wrapper: 
    #!/bin/bash
## UPDATED after the comment #16 to reduce security risk ;-)
# right way for export Xauthority file
xauth extract /srv/chroot/sid$HOME/.Xauthority $DISPLAY
# run your command
schroot -c sid -p wengophone
# remove the Xauthority
rm -f /srv/chroot/sid$HOME/.Xauthority
  2. permissions : 
     # chmod +x /usr/local/bin/wengophone_wrapper
  3. now you could create some wengo.desktop for your users :-)
PS: maybe wengophone example it's trivial, but try it with others programs only 32bit like the non-free skype
Share/Save/Bookmark
Add Comment XML logo Printable version

 

<<< Using the X clipboard from the command line Migrating mailman lists >>>

#1
Re: schroot - chroot for any users
Posted by dreynolds (212.140.xx.xx) on Tue 27 Nov 2007 at 16:25
[ Send Message ]
You spelt debootstrap wrong, which I wouldn't have noticed had I not copied and pasted it ;)

Cheers

--
Dave

[ Parent | Reply to this comment ]

#2
Re: schroot - chroot for any users
Posted by Steve (80.68.xx.xx) on Tue 27 Nov 2007 at 16:28
[ Send Message | View Steve's Scratchpad | View Weblogs ]

Fixed now, thanks. I didn't test all the steps myself on this one - I'll be more careful in the future.

Steve

[ Parent | Reply to this comment ]

#3
Re: schroot - chroot for any users
Posted by Anonymous (209.104.xx.xx) on Tue 27 Nov 2007 at 19:34
Why do xhost + when your x session could (potentially) be compromised? You can do something more secure like:
xhost localhost


Even though the chances of someone exploiting your explicit allow of x clients is unlikely, it isn't impossible.

---
Jeff Schroeder
http://www.digitalprognosis.com

[ Parent | Reply to this comment ]

#4
Re: schroot - chroot for any users
Posted by ajt (85.211.xx.xx) on Tue 27 Nov 2007 at 20:52
[ Send Message | View Weblogs ]
I can't remember doing any messing with xhost to get apps to work when I used a chroot to run 32-bit apps on my 64-bit Sarge systems.

Back when I used a chroot I followed the guide on Alioth:
https://alioth.debian.org/docman/view.php/30192/21/debian-amd64-h owto.html

--
"It's Not Magic, It's Work"
Adam

[ Parent | Reply to this comment ]

#6
Re: schroot - chroot for any users
Posted by amadeu (139.82.xx.xx) on Tue 27 Nov 2007 at 23:55
[ Send Message ]
ohh Adam, really very nice how-to I didn't known that. Thanks for the great reference. Amadeu :)

[ Parent | Reply to this comment ]

#8
Re: schroot - chroot for any users
Posted by ajt (204.193.xx.xx) on Wed 28 Nov 2007 at 12:11
[ Send Message | View Weblogs ]
While a chroot has it's use, normally you don't need one to run most x86 32-bit applications on an AMD64 64-bit Debian system. See: http://www.debian-administration.org/articles/534 for details on how.

--
"It's Not Magic, It's Work"
Adam

[ Parent | Reply to this comment ]

#5
Re: schroot - chroot for any users
Posted by amadeu (139.82.xx.xx) on Tue 27 Nov 2007 at 23:51
[ Send Message ]
Really it's a very dangerous thing (xhost +), but when I tried xhost localhost I get a "connection refused" like:
amadeu@sarang:~$ xhost
access control enabled, only authorized clients can connect
amadeu@sarang:~$ xhost localhost
localhost being added to access control list
amadeu@sarang:~$ schroot -c sid -p skype
I: [sid chroot] Running command: "skype"
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

But when I try xhost + works.. then I recommend xhost + before the schroot and xhost - after. Really I didn't understand why xhost localhost don't work with me.. ;) Amadeu

[ Parent | Reply to this comment ]

#12
Re: schroot - chroot for any users
Posted by Anonymous (86.32.xx.xx) on Tue 4 Dec 2007 at 18:48
"xhost localhost" would only work, if you connect to your XServer via tcp(e.g. DISPLAY=localhost:0.0).

If you want to enable local connections (as in DISPLAY=:0.0), "xhost +local:" is your command.

Cheers,
Johannes

[ Parent | Reply to this comment ]

#7
Re: schroot - chroot for any users
Posted by yarikoptic (69.125.xx.xx) on Wed 28 Nov 2007 at 06:04
[ Send Message ]
To avoid messing with xhost I decided to rely on ssh X forwarding -- I setup sshd to be started in chroot on some port like 2222, and then made a host alias like node22chr (instead of plain node22), adjusted .ssh/config to use port 2222 whenever sshing to any node*chr, and thus effectively running any app in a chroot on another node in the cluster was a plain 
ssh -Y node22chr matlab
indeed it requers to setup chroot in a bit fuller way -- user accounts, restart on boot, etc; but it had its benefit: I had fully functional chrooted environment which looked the same as the original host (but of different architecture) for any user who logged in into node22chr instead of node22 ;-)

[ Parent | Reply to this comment ]

#9
Re: schroot - chroot for any users
Posted by lpenz (201.21.xx.xx) on Wed 28 Nov 2007 at 19:26
[ Send Message ]
One can also mount --rbind the home dirs, so that any application can get to .Xauthority. Don't know if it works with different arches, though.

[ Parent | Reply to this comment ]

#10
Re: schroot - chroot for any users
Posted by ajt (85.211.xx.xx) on Wed 28 Nov 2007 at 21:02
[ Send Message | View Weblogs ]
Which is probably how I use to do it. I know the Alioth guide talked about "remounting" various file systems into the chroot.

--
"It's Not Magic, It's Work"
Adam

[ Parent | Reply to this comment ]

#11
Re: schroot - chroot for any users
Posted by superbrose (87.196.xx.xx) on Sun 2 Dec 2007 at 13:14
[ Send Message ]

From the Debian AMD64 Howto (Site currently down):

To run an application inside the chroot you will need some parts of your 64bit system tree inside the chroot. This can be achieved with a bind mount. In this example we will bind /tmp to the chroot for the X11 sockets which are in /tmp, and bind /home to access the home directories from within the chroot. You may also want to mount the /dev, /proc and /sys filesystems within the chroot. Edit your fstab and add the required paths:

# sid32 chroot
/home /var/chroot/sid-ia32/home none bind 0 0
/tmp /var/chroot/sid-ia32/tmp none bind 0 0
/dev /var/chroot/sid-ia32/dev none bind 0 0
/proc /var/chroot/sid-ia32/proc none bind 0 0

Then mount them:

mount /var/chroot/sid-ia32/home
mount /var/chroot/sid-ia32/tmp
mount /var/chroot/sid-ia32/dev
mount /var/chroot/sid-ia32/proc

I use this to run 32-bit programs on my 64-bit system, which works very well, since I can just work in my normal home directory.

A word of caution though: schroot generates sessions that are stored in /var/lib/schroot/session/ and if you don't end these sessions then they accumulate. Each time you do a reboot your system will power up more slowly, because it starts recovering those schroot sessions. For some reason my sessions did not get ended, despite using the --automatic-session option.

So one night late I did something that I later on deeply regretted: I wanted to delete the accumulated schroot sessions, and for some reason could not get them removed using the schroot -e command. So I uninstalled schroot, but the /var/lib/schroot/session directory was still present. Using the power of root I deleted this directory. This was not a good idea! My entire home partition was deleted, along with the other partitions that were bound!

I should have unmounted the bound directories first and everything would have been fine.

[ Parent | Reply to this comment ]

#15
Re: schroot - chroot for any users
Posted by Anonymous (216.224.xx.xx) on Wed 12 Dec 2007 at 13:20
That's a horrifically accurate description of how I lost a week worth
of mad tweaking on a new system. I learned to backup more frequently
and to selectively bind mount.

Here's a basic recipe for X.


[/etc/fstab additions]
/tmp/.X11-unix /srv/chroot/sid_i386/tmp/.X11-unix none rbind,user,noauto 0 0
/home/joe/.Xauthority /srv/chroot/sid_i386/home/joe/.Xauthority none rbind,user,noauto 0 0

[commands]
# sudo touch /srv/chroot/sid_i386/home/joe/.Xauthority
# mount /srv/chroot/sid_i386/home/joe/.Xauthority
# mount /srv/chroot/sid_i386/tmp/.X11-unix
# schroot -p -c sid_i386 -- ls -l .Xauthority
I: [sid_i386-b53b5f82-46d0-4e15-b95e-8129e22f9dc9 chroot] Running command: "ls -l .Xauthority"
-rw------- 1 joe joe 171 2007-12-12 00:03 .Xauthority
# schroot -p -c xterm

[ Parent | Reply to this comment ]

#13
Re: schroot - chroot for any users
Posted by Anonymous (24.23.xx.xx) on Fri 7 Dec 2007 at 01:19
Which Unix are you running this schroot on? Thanks.

[ Parent | Reply to this comment ]

#14
Re: schroot - chroot for any users
Posted by Anonymous (77.121.xx.xx) on Sun 9 Dec 2007 at 10:59
Don't do mounts by yourself.
Please read manpage (look for "startup scripts", "exec scripts")

[ Parent | Reply to this comment ]

#18
Re: schroot - chroot for any users
Posted by amadeu (139.82.xx.xx) on Fri 28 Mar 2008 at 23:20
[ Send Message ]
Yeah! Thanks a lot for your comment I reconfigure my chroot.conf for this and it's much more nice now !! eheheheh nothing of mount -o bind on hand, the schroot now create a session and I just enjoy it ! ehehhe

Thanks again.. :)
PS: I updated the article because this ;-)

[ Parent | Reply to this comment ]

#20
Re: schroot - chroot for any users
Posted by Anonymous (93.95.xx.xx) on Sun 8 Feb 2009 at 10:56
Can you show schroot.conf for automount ?

[ Parent | Reply to this comment ]

#21
Re: schroot - chroot for any users
Posted by amadeu (201.53.xx.xx) on Sun 8 Feb 2009 at 19:30
[ Send Message ]
What you did mean with 'automount'? If you did mean mount some devices/other_directories it's easy:
1. use the file /etc/schroot/mount-defaults (in debian works) and add there lines like in /etc/fstab
2. example, to mount a directory from my main installation:
/home /home none rw,bind 0 0
/dev/hda /media/cdrom udf,iso9660 user,noauto 0 0

If you want usb devices and others.. I think the right way is to install hal/dbus in your chroot installation. If you want 'automount' feature from autofs, you need just put some line in mount-defaults as in /etc/fstab (tips: http://www.linuxfocus.org/Turkce/January2001/article141.meta.shtm l).

Regards, Amadeu.

[ Parent | Reply to this comment ]

#22
Re: schroot - chroot for any users
Posted by andmalc (69.159.xx.xx) on Thu 7 Jan 2010 at 21:55
[ Send Message ]
For anyone still following this:

For auto-mounting from /etc/schroot/mount-defaults to work, you must have a 'type=' in schroot.conf set to one of the types other than 'plain'. If type is 'plain' or is omitted, auto-mounting is disabled. See 'man schroot.conf' for details.

[ Parent | Reply to this comment ]

#16
Re: schroot - chroot for any users
Posted by Anonymous (134.158.xx.xx) on Fri 28 Mar 2008 at 16:18
You should use:

'xhost +local:'

instead of

'xhost +'

which is muuuuuuuuuuuch safer

[ Parent | Reply to this comment ]

#17
Re: schroot - chroot for any users
Posted by amadeu (139.82.xx.xx) on Fri 28 Mar 2008 at 23:17
[ Send Message ]
It isn't need (reread this tuto because I changed it now ;-)).. it's safer use the xauth features to extract the session ids to a new .Xauthority of your $DISPLAY, after just execute your command and remove the .Xauthority cloned on chroot. It's nice for a wrapper script ;-).

Thanks a lot.

[ Parent | Reply to this comment ]

#19
Re: schroot - chroot for any users
Posted by Anonymous (85.178.xx.xx) on Wed 25 Jun 2008 at 02:16
If you get:

schroot -p xterm
I: [my_system chroot] Running command: "xterm"
Warning: Tried to connect to session manager, Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
xterm: Error 32, errno 2: No such file or directory
Reason: get_pty: not enough ptys

try adding:

/dev/pts /path_to_chroot/dev/pts devpts bind,defaults 0 0

in /etc/fstab

and executing

mount -a

[ Parent | Reply to this comment ]

#23
Re: openroot - chroot for X11 and for read only access
Posted by Anonymous (91.114.xx.xx) on Sun 17 Jan 2010 at 12:33
chroot and schroot do not allow X11 access of GUI programs.
Use openroot for this: http://www.elstel.com/openroot/
other features: auto-mounting of /dev, /proc, /media, ...
other features: chroot to read-only partition with temporary changes

[ Parent | Reply to this comment ]

User Login

Username:

Password:

[ Advanced Login ]

Register Account

Related Links

Quick Site Search