DEBIAN – UBUNTU : HOW TO BUILD MOST MINIMAL CHROOT
###################################################

Skip ahead to #3 for the minimal chroot if you want to skip the talk before it

INFO FROM: http://sagar.se/an-absolutely-minimal-chroot.html AND http://www.thegeekstuff.com/2010/01/debootstrap-minimal-debian-ubuntu-installation/ AND a few other sites

For whatever reason you need a chroot. There are 3 ways to do it.

#1 CHROOT BY APPLICATION

Maybe your app can chroot itself, so you don't need to do it

#2 DEBOOTSTRAP CHROOT

Run debootstrap. However, it installs way too much stuff

# mkdir /mychroot/

Syntax for debootstrap:

# debootstrap --arch $ARCH $RELEASE $DIR $MIRROR

$ARCH is whatever architecture you’re using (i386, amd64, sparc, etc.),
$RELEASE is the Ubuntu release you want to use such as edgy, gutsy, or hardy,
$DIR is the directory that you’ll be bootstrapping to and
$MIRROR should be http://archive.ubuntu.com/ubuntu.
Use a different $MIRROR and different $RELEASE if you’re bootstrapping a Debian system.

Based on the above syntax, the following are debootstrap examples:

# debootstrap wheezy /empty/directory http://ftp.us.debian.org/debian
# debootstrap --arch i386 gutsy /mnt/min_buntu http://archive.ubuntu.com/ubuntu

And now you're free to configure everything

# chroot /mychroot
# mount -t proc proc /proc
# mount -t sysfs sysfs /sys

#3 MOST MINIMAL CHROOT POSSIBLE

Set up a very minimal chroot where the chrooted user cannot do anything besides the select bash commands. All we need to do is copy bash into the chroot “bin” folder (we will make it) and put the correct libraries in lib.

First see where your bash is (it should ALWAYS be in /bin/bash, but I don't know, maybe it's different on your OS)

# which bash
/bin/bash

See what dependencies/modules you need to copy:

# ldd /bin/bash
linux-vdso.so.1 => (0x00007fffe61fe000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f73b068a000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f73b0486000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f73b00bf000)
/lib64/ld-linux-x86-64.so.2 (0x00007f73b08bd000)

We are going to ignore the first module, linux-vdso.so.1, as it's a virtual kernel object with no file on disk.

So we need to copy the following 4 files:
/lib/x86_64-linux-gnu/libtinfo.so.5
/lib/x86_64-linux-gnu/libdl.so.2
/lib/x86_64-linux-gnu/libc.so.6
/lib64/ld-linux-x86-64.so.2

Let's begin by building our chroot directory structure

# mkdir /mychroot
# mkdir /mychroot/bin
# mkdir /mychroot/lib
# mkdir /mychroot/lib64

OR in one command: "mkdir -p /mychroot/{bin,lib,lib64}" or "mkdir -p /mychroot/bin /mychroot/lib /mychroot/lib64"

Note: if ldd on your system didn't show any “lib64” paths, then don't make the “lib64” folder in /mychroot and just make the “lib” folder. Likewise (and I doubt any system out there does this), if you only see “lib64” folders, then you don't need to make the “lib” folder in /mychroot, just make “lib64”.

Notice that my lib structure outside of the chroot actually has a subfolder inside lib, “x86_64-linux-gnu” (that is, /lib/x86_64-linux-gnu), and the top 3 modules we need are there. In reality there are a lot more files and folders there than just those; we only need these few to get the chroot working. Well, guess what? We don't need that subfolder. In the chroot we just need “lib” and “lib64” (and also “bin” for bash).

Notice also that the last file there goes in lib64; this might be different on your system

Start copying

# cp /bin/bash /mychroot/bin
# cp /lib/x86_64-linux-gnu/libtinfo.so.5 /mychroot/lib
# cp /lib/x86_64-linux-gnu/libdl.so.2 /mychroot/lib
# cp /lib/x86_64-linux-gnu/libc.so.6 /mychroot/lib
# cp /lib64/ld-linux-x86-64.so.2 /mychroot/lib64

Finally you can chroot:

# chroot /mychroot 

Or

# chroot /mychroot bash

Or

# chroot /mychroot /bin/bash
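
The copy steps above, automated as an added example (not part of the original post): it parses ldd output and copies a binary plus every library it lists into the chroot. Unlike the manual steps, it keeps each library at the path ldd reports instead of flattening everything into lib, so it also works when your paths differ; the function names are my own.

```shell
#!/bin/sh
# Added example: fill a chroot with a binary and the libraries ldd reports.

# Read `ldd` output on stdin and print one absolute library path per line.
# linux-vdso has no file path, so it never matches and is skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # name => /path (addr)
        $1 ~ /^\//               { print $1 }        # /lib64/ld-linux... (addr)
    '
}

# Copy file $1 to the same absolute path under chroot root $2.
# cp -L follows symlinks so the chroot gets the real file, not a dangling link.
copy_into_chroot() {
    mkdir -p "$2$(dirname "$1")" && cp -L "$1" "$2$1"
}

# Copy binary $1 and all of its shared-library dependencies into chroot $2.
populate_chroot() {
    copy_into_chroot "$1" "$2" || return 1
    ldd "$1" | ldd_paths | while read -r lib; do
        copy_into_chroot "$lib" "$2" || exit 1
    done
}

# Usage (as root):
#   populate_chroot /bin/bash /mychroot && chroot /mychroot /bin/bash
```

A chroot only changes the filesystem view, and a process that stays root inside it can break out. To confine a user, start the shell unprivileged, for example with GNU chroot's --userspec option and numeric IDs: chroot --userspec=1000:1000 /mychroot /bin/bash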

 

 
