linux-user-chroot - safely allow normal users to chroot
] [--mount-proc DIR
[--chdir DIR] ROOTDIR
is a tool meant for building software in a clean
environment. The user needs to create a directory tree with the build
dependencies needed, and only those, and then linux-user-chroot
the actual build commands such that the commands only see the directory tree.
This is useful for ensuring the build gets the right version of its build
dependencies, for example.
works similary to chroot
(8), but does not
require the caller to have root privileges. It uses Linux containers to
restrict the chroot to make this safe. The command run inside the chroot is
run as the calling user, not as root.
executes a command, and sets the root directory for the
command to the directory specified by the user (ROOTDIR
it creates a "nosuid" bind mount over the root filesystem, to
prevent the build from gaining privileges using setuid binaries. The command
can further be restricted from accessing the network, and it can be set up
with new process ID and SysV IPC namespaces.
- Create a new SysV IPC namespace for the command.
- Create a new process ID (PID) namespace for the command.
This prevents the command from seeing any other processes in the system,
except itself and the processes it itself creates.
- Create a new, empty networking stack. This prevents the
command from using any networking, including loopback.
- --mount-proc DIR
- Mount the proc filesystem at DIR.
- --mount-readonly DIR
- Make DIR be read-only for the command.
- --mount-bind SOURCE DEST
- Add a bind mount while the command is executing.
- --chdir DIR
- After setting the new root directory for the command,
change the current working directory to be DIR.
The exit status is the exit status of the executed command, or 1 if
failed to execute the command.
To build software in the real system, but without networking:
linux-user-chroot --unshare-net --chdir "$(pwd)"
make clean all check