xchroot
chroot for users with Xorg/X11 forwarding and automatic mounting + aufs read only root support.
Chroot allows you to run commands from a different system installation without having to boot into that system. You do not even need a separate partition for the alternate root file system. This does of course only work if both systems are Linux installations or both systems are BSD derivatives, since the same kernel will always be in operation. Only shared libraries (*.so, Windows: dll) are loaded from the new root when a program is invoked from within the chroot environment.
This is particularly useful if you have installed more than one Linux distro and want to run programs from a distro other than the one you have actually booted. Chroot is also widely used for program development and packaging. It can also be used to run programs that are no longer available for recent Linux distros.
Chroot works immediately and guarantees minimal effort. You do not have to wait until another system is booted. Memory usage is as little as possible. In Linux it is possible for a cracker to escape from a chroot environment, while chroot jails are also considered a security feature in FreeBSD.
The only thing you have to do in order to change to another chroot environment (i.e. another installed system) is to issue a chroot command as root on the directory that should become the new root of the file system. Use exit to get back to your boot-root.
> chroot /mnt/debian
Unfortunately you may soon find out that a pure chroot is very restricted. For instance, you cannot run any GUI applications. A workaround for this is to redirect all X11 drawing operations through localhost (note that xhost +localhost admits every client connecting from localhost, without an Xauthority cookie):
> xhost +localhost
> DISPLAY=localhost:0 chroot /mnt/debian;
However, this will not work if the X server responsible for all graphical output has been started with the -nolisten tcp option, which is the default for security reasons in many distributions like Suse. In this case you would have to replicate the socket file /tmp/.X11-unix/X0 to /mnt/debian/tmp/.X11-unix/X0, which needs to be done by a proper socat rather than a pure link. Pure links do not work since a link is just the character string naming the referenced file, which points to something different after the chroot. Find out the command line X has been started with by the following command:
> ps ax|grep "X[^/]* "
1959 tty7 Ss+ 75:16 /usr/bin/Xorg -br -nolisten tcp :0 vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-EgqjEQ
Furthermore, programs like grub or gparted need direct access to your disk devices at /dev. You may simply mirror your /dev to /mnt/debian/dev in this example before you issue a chroot, which can be accomplished by mount --bind /dev /mnt/debian/dev. Proceed the same way for your /sys and /proc directories, which are required by many programs as an additional interface to expose and set kernel data. Note that subdirectories may also require their own mounts, such as /dev/pts/* for terminals.
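The manual bind mounts described above, written out as one script with cleanup in the reverse order. This is an added example, not xchroot's own code; the names chroot_with_helpers, bind_helpers, unbind_helpers, run and the DRY_RUN switch are hypothetical.

```bash
#!/bin/sh
# Added example: the manual bind mounts described above, with cleanup.
# DRY_RUN=1 prints the commands instead of running them (no root needed).

HELPER_DIRS="/dev /dev/pts /proc /sys"   # parents before children
MOUNTED=""                               # dirs bound so far, newest first

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

bind_helpers() {          # $1 = new root
    for d in $HELPER_DIRS; do
        # --bind is not recursive, so /dev/pts needs its own mount
        run mount --bind "$d" "$1$d" || return 1
        MOUNTED="$d${MOUNTED:+ $MOUNTED}"
    done
}

unbind_helpers() {        # $1 = new root; unmounts only what was bound
    for d in $MOUNTED; do
        run umount "$1$d"
    done
    MOUNTED=""
}

chroot_with_helpers() {   # $1 = new root, rest = command (default: a shell)
    root="${1%/}"; shift
    [ -d "$root" ] || { echo "no such root: $root" >&2; return 2; }
    [ $# -gt 0 ] || set -- /bin/bash
    if bind_helpers "$root"; then
        run chroot "$root" "$@"
        rc=$?
    else
        rc=1                  # a bind failed: skip chroot, undo the rest
    fi
    unbind_helpers "$root"    # children first: /dev/pts before /dev
    return $rc
}
```

Run as root with `chroot_with_helpers /mnt/debian`, or set DRY_RUN=1 first to see the command sequence without touching any mounts.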
Simply use xchroot instead to accomplish all these tasks automatically:
> xchroot /mnt/debian
xchroot will mount your new root filesystem and all sub-partitions such as /var, /tmp and /usr automatically, provided that they are listed in your /etc/fstab (you may want to specify the noauto option if a partition should not be mounted unless an xchroot is issued upon its root). xchroot will mirror /sys, /proc and /dev and, most important, it will enable the use of GUI applications (DISPLAY=:X). Furthermore, unlike with chroot, you may specify any program in the chroot environment if you do not just wish to execute the bash standard shell:
> xchroot /mnt/debian xterm
xchroot unmounts the helper dirs (sys, proc, dev) automatically on exit, independent of the mount state at invocation time. Since version 2.0 it furthermore uses tmp-mirroring by default instead of socat-ing, so that socat is no longer required. Nonetheless the safer -socat option is still available.
If any program in the chroot is still running on exit you are prompted to terminate it, but you can also choose to leave all programs running. In this case you need to umount later on by invoking chroot cleanup with exactly the same parameters as before. If an xchroot/openroot is already running, a normal chroot should also suffice as long as you terminate the openroot/xchroot last. On the other hand, nothing should speak against invoking multiple xchroots, leaving the cleanup to the xchroot terminated last (select Leave in the menu).
If you have xchroot, forget all the other *chroot-s! You do not even need it to chroot as user. The --user option and sudo will serve this purpose. A simple
> xchroot -u usr /mnt/debian
will do what you want provided that you execute it as root.
A simple entry in your /etc/sudoers leverages the use directly as user usr or via /etc/sudoers:
letting you open any root under /dst. ('ALL' is just your host name in case the /etc/sudoers is distributed to many hosts but should not allow this on all of them.)
elm:~> sudo -E xchroot --user elm /dst/debian/ (does not make use of our sudoers entry yet; just have a quick test now.)
-----------------------------------------------------------
chroot /dst/debian /tmp/xchroot/startup-31666
Debian GNU/Linux 6.0 \n \l
debian_elm:~> goldendict &
Now a goodie for colorful user prompts even under xchroot (put it in your .bashrc):
export PS1="\[\e[0;32m\]$XCHROOT_NAME${XCHROOT_NAME:+_}\[\e[0;31m\]\u:\[\e[0;33m\]\w> \[\e[0m\]"
All of you who miss the old openroot will like the following (for your bashrc):
alias openroot="sudo env XAUTHORITY=$XAUTHORITY DISPLAY=$DISPLAY /home/shell/shutil/xchroot --user elm"
Usually your distro should automatically serve this purpose by an adequate bash startup. However you can establish this yourself; a topic which is not directly related to xchroot/openroot but which may be very useful in the context of openroot. The bash environment variable XAUTHORITY points to a file which is by default called ~/.Xauthority and which contains a cookie the client needs to obtain access from the Xorg/X11 server. To move the cookie from /home/usr/.Xauthority to /root/.Xauthority do an xauth extract myfile as user and an xauth merge myfile as root. Myfile may be '-' for stdin/stdout.
Now let the following code in my .bashrc slowly melt on your tongue:
# After su/sudo (login name differs from the current user) and outside an xchroot:
# fetch the X cookie for $DISPLAY from the login user and merge it into our own.
if logname &>/dev/null && [ "$(logname)" != "$(id --name -u)" ] && [ -z "$XCHROOT_MYROOT" ]; then
    # matters whether environment variable is unset or empty; not set: should not exist.
    if [ -n "$XAUTH" ]; then
        sudo -n -u "$(logname)" env XAUTHORITY="$XAUTH" /usr/bin/xauth extract - "$DISPLAY" | xauth merge -
    else
        sudo -n -u "$(logname)" /usr/bin/xauth extract - "$DISPLAY" | xauth merge -
    fi
else
    # Otherwise: fill whichever of XAUTH / XAUTHORITY is empty from the other one.
    if [ -z "$XAUTH" ]; then
        export XAUTH="$XAUTHORITY"
    elif [ -z "$XAUTHORITY" ]; then
        export XAUTHORITY="$XAUTH"
    fi
fi
xchroot is also handy if you wanna leave your target chroot environment untouched for any kind of reason. This may be a necessity if your chroot environment is located on a read-only medium like your cdrom drive. Simply use the -a option and be sure that aufs is installed. Note that aufs has undergone significant changes recently but xchroot-2.1 has not yet been updated to reflect these changes, so I cannot guarantee its '-a' functionality.
> xchroot -a /mnt/debian
Read-only access is established like this: Changed files are copied to /tmp/xchroot/$$ where $$ is the pid of the invoker. These files are kept for examination by default and need to be deleted later on by the user. The root where additional files from /tmp/xchroot/$$ and the desired ro-root directory are combined is /mnt/debian-$$. If xchroot has been terminated exceptionally you may want to issue an xchroot cleanall /mnt/debian that cleans up all /tmp/xchroot/$$ and all /mnt/debian-$$ directories.
Note that some kinds of partitions, like ext4 partitions, are not mountable if burnt to read-only media because they seem to have been designed only for rw media, always writing the last mount time. If you want to burn a root to Blu-ray in order to access it later on with xchroot, use JFS, a fast and fully compatible filesystem also supported by OS/2 and eComStation.
xchroot also mounts changeable media under /media into your chroot environment. While this has proven to be practical in many situations, you have to take special care when removing your changeable media during an xchroot session. Make sure that all mount points are unmounted, i.e. /media/xx, /chroot/media/xxx etc. You can check for all removable media mounts by issuing something like mount | grep sd[^ab], given that you have two non-removable disks called sda and sdb. Note that /media-mounting is currently only done on startup.
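A stricter version of the mount | grep check above, as an added example that is not part of xchroot: it lists what is still mounted below a chroot root (deepest first) and every place a given device is mounted. The function names and the sample mount table are constructed for illustration.

```bash
#!/bin/sh
# Added example. Input is in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Mount points at or below directory $1, deepest first (a safe umount order).
mounts_below() {
    ROOT="${1%/}" awk '
        BEGIN { root = ENVIRON["ROOT"] }
        {
            mp = $2
            gsub(/\\040/, " ", mp)      # the kernel writes a space as \040
            # exact match or real subdirectory only, so the aufs union
            # root /mnt/debian-31666 is not reported for /mnt/debian
            if (mp == root || index(mp, root "/") == 1) {
                depth = gsub("/", "/", mp)
                print depth "\t" mp
            }
        }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2 | cut -f2-
}

# Every mount point of device $1 or one of its partitions (prefix match).
mounts_of_device() {
    DEV="$1" awk '
        index($1, ENVIRON["DEV"]) == 1 {
            mp = $2; gsub(/\\040/, " ", mp); print mp
        }'
}

# Constructed sample: a chroot at /mnt/debian with helper dirs, a USB stick
# (sdc1) mounted on the host and again inside the chroot, and an aufs root.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw 0 0
/dev/sda3 /mnt/debian ext3 rw 0 0
udev /mnt/debian/dev devtmpfs rw 0 0
devpts /mnt/debian/dev/pts devpts rw 0 0
proc /mnt/debian/proc proc rw 0 0
sysfs /mnt/debian/sys sysfs rw 0 0
/dev/sdc1 /media/usb\040stick vfat rw 0 0
/dev/sdc1 /mnt/debian/media/usb\040stick vfat rw 0 0
none /mnt/debian-31666 aufs ro 0 0
EOF
}
```

On a live system feed it the real table, e.g. `mounts_below /mnt/debian < /proc/mounts` or `mounts_of_device /dev/sdc < /proc/mounts`; empty output means nothing is left to unmount.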
You may simply use an old system installation as chroot environment instead of booting into it via qemu-kvm, VMWare or VirtualBox. On the other hand it is not difficult to create your own minimal chroot environment that contains only the packages necessary to run a certain software or to compile a certain package.
In Debian use debootstrap to initialize a new root:
> debootstrap lenny /var/xchroot/suse11.2 http://debian.uni-klu.ac.at/debian
In Suse use zypper with the --root option to add repositories and install software:
> mkdir /var/xchroot/suse11.2
> mount /dev/sr0 /media/dvd
> zypper --root /xchroot/suse11.2 ar /media/dvd/ dvd
Repository 'dvd' wird hinzugefügt [fertig]
Repository 'dvd' erfolgreich hinzugefügt
Aktiviert: Ja
Autoaktualisierung: Nein
URI: dir:///media/dvd
> zypper --root /xchroot/suse11.2 lr
# | Alias | Name | Aktiviert | Aktualisieren
--+-------+------+-----------+--------------
1 | dvd   | dvd  | Ja        | Nein
> zypper --root /xchroot/suse11.2 in rpm zypper xterm
Hint: Don't forget to chmod +x xchroot