Merge pull request #2398 from bazz2/master

[translated by bazz2]How to Configure Chroot Environment in Ubuntu 14.04
2025-02-25 00:50:15 +08:00 · 2015-02-11 09:39:05 +08:00 · 2015-02-11 09:39:05 +08:00 · e309848ca0
commit e309848ca0
parent 0a994b35ab 9c5ce3db23
2 changed files with 146 additions and 147 deletions
--- a/sources/tech/20150114
+++ b/sources/tech/20150114
@ -1,147 +0,0 @@
 [bazz2222222]
 How to Configure Chroot Environment in Ubuntu 14.04
 ================================================================================
 There are many instances when you may wish to isolate certain applications, user, or environments within a Linux system. Different operating systems have different methods of achieving isolation, and in Linux, a classic way is through a `chroot` environment.
 In this guide, we'll show you step wise on how to setup an isolated environment using chroot in order to create a barrier between your regular operating system and a contained environment. This is mainly useful for testing purposes. We will teach you the steps on an **Ubuntu 14.04** VPS instance.
 Most system administrators will benefit from knowing how to accomplish a quick and easy chroot environment and it is a valuable skill to have.
 ### The chroot environment ###
 A chroot environment is an operating system call that will change the root location temporarily to a new folder. Typically, the operating system's conception of the root directory is the actual root located at "/". However, with `chroot`, you can specify another directory to serve as the top-level directory for the duration of a chroot.
 Any applications that are run from within the `chroot` will be unable to see the rest of the operating system in principle.
 #### Advantages of Chroot Environment ####
 > - Test applications without the risk of compromising the entire host system.
 > 
 > -  From the security point of view, whatever happens in the chroot environment won't affect the host system (not even under root user).
 > 
 > -  A different operating system running in the same hardware.
 For instance, it allows you to build, install, and test software in an environment that is separated from your normal operating system. It could also be used as a method of **running 32-bit applications in a 64-bit environment**.
 But while chroot environments will certainly make additional work for an unprivileged user, they should be considered a hardening feature instead of a security feature, meaning that they attempt to reduce the number of attack vectors instead of creating a full solution. If you need full isolation, consider a more complete solution, such as Linux containers, Docker, vservers, etc.
 ### Debootstrap and Schroot ###
 The necessary packages to setup the chroot environment are **debootstrap** and **schroot**, which are available in the ubuntu repository. The schroot command is used to setup the chroot environment.
 **Debootstrap** allows you to install a new fresh copy of any Debian (or debian-based) system from a repository in a directory with all the basic commands and binaries needed to run a basic instance of the operating system.
 The **schroot** allows access to chroots for normal users using the same mechanism,  but  with  permissions  checking  and allowing additional automated setup of the chroot environment, such as mounting additional filesystems and other configuration tasks.
 These are the steps to implement this functionality in Ubuntu 14.04 LTS:
 ### 1. Installing the Packages ###
 Firstly, We're gonna install debootstrap and schroot in our host Ubuntu 14.04 LTS.
    $ sudo apt-get install debootstrap 
    $ sudo apt-get install schroot
 ### 2. Configuring Schroot ###
 Now that we have the appropriate tools, we just need to specify a directory that we want to use as our chroot environment. We will create a directory called linoxide in our root directory to setup chroot there:
    sudo mkdir /linoxide
 We have to configure schroot to suit our needs in the configuration file .we will modify the schroot configuration file with the information we require to get configured.
    sudo nano /etc/schroot/schroot.conf
 We are on an Ubuntu 14.04 LTS (Trusty Tahr) system currently, but let's say that we want to test out some packages available on Ubuntu 13.10, code named "Saucy Salamander". We can do that by creating an entry that looks like this:
    [saucy]
    description=Ubuntu Saucy
    location=/linoxide
    priority=3
    users=arun
    root-groups=root
 ![](http://blog.linoxide.com/wp-content/uploads/2014/12/schroot-config.png)
 Modify the values of the configuration parameters in the above example to fit your system:
 ### 3. Installing 32 bit Ubuntu with debootstrap ###
 Debootstrap downloads and installs a minimal operating system inside your **chroot environment**. You can install any debian-based distro of your choice, as long as you have a repository available.
 Above, we placed the chroot environment under the directory **/linoxide** and this is the root directory of the chroot environment. So we'll need to run debootstrap inside that directory which we have already created:
    cd /linoxide
    sudo debootstrap --variant=buildd --arch amd64 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
    sudo chroot /linoxide /debootstrap/debootstrap --second-stage
 You can replace amd64 in --arch as i386 or other bit OS you wanna setup available in the repository. You can replace the mirror http://archive.ubuntu.com/ubuntu/ above as the one closest, you can get the closest one from the official [Ubuntu Mirror Page][1].
 **Note: You will need to add --foreign above 3rd line command  if you choose to setup i386 bit OS choot in your 64 bit Host Ubuntu as:**
    sudo debootstrap --variant=buildd --foreign --arch i386 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
 It takes some time (depending on your bandwidth) to download, install and configure the complete system. It takes about 500 MBs for a minimal installation.
 ### 4. Finallizing the chroot environment ###
 After the system is installed, we'll need to do some final configurations to make sure the system functions correctly. First, we'll want to make sure our host `fstab` is aware of some pseudo-systems in our guest.
    sudo nano /etc/fstab
 Add the below lines like these to the bottom of your fstab:
    proc /linoxide/proc proc defaults 0 0
    sysfs /linoxide/sys sysfs defaults 0 0
 Save and close the file.
 Now, we're going to need to mount these filesystems within our guest:
    $ sudo mount proc /linoxide/proc -t proc
    $sudo mount sysfs /linoxide/sys -t sysfs
 We'll also want to copy our /etc/hosts file so that we will have access to the correct network information:
    $ sudo cp /etc/hosts /linoxide/etc/hosts
 Finally, You can list the available chroot environments using the schroot command.
    $ schroot -l
 We can enter the chroot environment through a command like this:
    $ sudo chroot /linoxide/ /bin/bash
 You can test the chroot environment by checking the version of distributions installed.
    # lsb_release -a
    # uname -a
 To finish this tutorial, in order to run a graphic application from the chroot, you have to export the DISPLAY environment variable.
    $ DISPLAY=:0.0 ./apps
 Here, we have successfully installed Chrooted Ubuntu 13.10(Saucy Salamander) in your host Ubuntu 14.04 LTS (Trusty Tahr).
 You can exit chroot environment successfully by running the commands below:
    # exit
 Afterwards, we need to unmount our proc and sys filesystems:
    $ sudo umount /test/proc
    $ sudo umount /test/sys
 --------------------------------------------------------------------------------
 via: http://linoxide.com/ubuntu-how-to/configure-chroot-environment-ubuntu-14-04/
 作者：[Arun Pyasi][a]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
 [a]:http://linoxide.com/author/arunp/
 [1]:https://launchpad.net/ubuntu/+archivemirrors
--- a/translated/tech/20150114
+++ b/translated/tech/20150114
@ -0,0 +1,146 @@
 如何在 Ubuntu 14.04 里面配置 chroot 环境
 ================================================================================
 你可能会有很多理由想要把一个应用、一个用户或者一个环境与你的 linux 系统隔离开来。不同的操作系统有不同的实现方式，而在 linux 中，一个典型的方式就是 chroot 环境。
 在这份教程中，我会一步一步指导你怎么使用 chroot 命令去配置一个与真实系统分离出来的独立环境。这个功能主要可以用于测试项目，这些步骤都在 **Ubuntu 14.04** 虚拟专用服务器(VPS)上执行。
 学会快速搭建一个简单的 chroot 环境是一项非常实用的技能，绝大多数系统管理员都能从中受益。
 ### Chroot 环境 ###
 一个 chroot 环境就是通过系统调用，将一个本地目录临时变成根目录。一般所说的系统根目录就是挂载点"/"，然而使用 chroot 命令后，你可以使用其它目录作为根目录。
 原则上，任何运行在 chroot 环境内的应用都不能访问系统中其他信息（LCTT译注：使用 chroot 把一个目录变成根目录，在里面运行的应用只能访问本目录内的文件，无法访问到目录外的文件。然而，运行在 chroot 环境的应用可以通过 sysfs 文件系统访问到环境外的信息，所以，这里有个“原则上”的修饰语）。
 ### Chroot 环境的用处 ###
 > - 测试一个不稳定的应用服务不会影响到整个主机系统。
 > 
 > -  就算使用 root 权限做了些不当的操作，把 chroot 环境搞得一塌糊涂，也不会影响到主机系统。
 > 
 > -  可以在你的系统中运行另外一个操作系统。
 举个例子，你可以在 chroot 环境中编译、安装、测试软件，而不去动真实的系统。你也可以**在64位环境下使用 chroot 创建一个32位环境，然后运行一个32位的程序**（LCTT泽注：如果你的真实环境是32位的，那就不能 chroot 一个64位的环境了）。
 但是 为了安全考虑，chroot 环境为非特权用户设立了非常严格的限制，而不是提供完整的安全策略。如果你需要的是有完善的安全策略的隔离方案，可以考虑下 LXC、Docker、vservers等等。
 ### Debootstrap 和 Schroot ###
 使用 chroot 环境需要安装 **debootstrap** 和 **schroot**，这两个软件都在 Ubuntu 的镜像源中。其中 schroot 用于创建 chroot 环境。
 **Debootstrap** 可以让你通过镜像源安装任何 Debian（或基于 Debian 的）系统，装好的系统会包含最基本的命令。
 **Schroot** 命令允许用户使用相同的机制去创建 chroot 环境，但在访问 chroot 环境时会做些权限检查，并且会允许用户做些额外的自动设置，比如挂载一些文件系统。
 在 Ubuntu 14.04 LTS 上，我们可以通过两步来实现这个功能：
 ### 1. 安装软件包 ###
 第一步，在Ubuntu 14.04 LTS 主机系统上安装 debootstrap 和 schroot：
    $ sudo apt-get install debootstrap 
    $ sudo apt-get install schroot
 ### 2. 配置 Schroot ###
 现在我们有工具在手，需要指定一个目录作为我们的 chroot 环境。这里创建一个目录先：
    sudo mkdir /linoxide
 编辑 schroot 的配置文件：
    sudo nano /etc/schroot/schroot.conf
 再提醒一下，我们现在是在 Ubuntu 14.04 LTS 系统上。如果我们想测试一个软件包能不能在 Ubuntu 13.10（代号是“Saucy Salamander”） 上运行，就可以在配置文件中添加下面的内容：
    [saucy]
    description=Ubuntu Saucy
    location=/linoxide
    priority=3
    users=arun
    root-groups=root
 ![](http://blog.linoxide.com/wp-content/uploads/2014/12/schroot-config.png)
 根据你的系统要求，调整上面的配置信息。
 ### 3. 使用 debootstrap 安装32位 Ubuntu 系统 ###
 Debootstrap 命令会在你的 **chroot 环境**里面下载安装一个最小系统。只要你能访问镜像源，你就可以安装任何基于 Debian 的系统版本。
 前面我们已经创建了 **/linoxide** 目录用于放置 chroot 环境，现在我们可以在这个目录里面运行 debootstrap 了：
    cd /linoxide
    sudo debootstrap --variant=buildd --arch amd64 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
    sudo chroot /linoxide /debootstrap/debootstrap --second-stage
 你可以将 --arch 的参数换成 i386 或其他架构，只要存在这种架构的镜像源。你也可以把镜像源 http://archive.ubuntu.com/ubuntu/ 换成离你最近的镜像源，具体可参考 [Ubuntu 官方镜像主页][1]。
 **注意：如果你是在64位系统中创建32位系统，你需要在上面第3行命令中加入 --foreign 选项，就像下面的命令：**
    sudo debootstrap --variant=buildd --foreign --arch i386 saucy /linoxide/ http://archive.ubuntu.com/ubuntu/
 下载需要一段时间，看你网络带宽性能。最小系统大概有500M。
 ### 4. 完成 chroot 环境 ###
 安装完系统后，我们需要做一些收尾工作，确保系统运行正常。首先，保证主机的 fstab 程序能意识到 chroot 环境的存在：
    sudo nano /etc/fstab
 在文件最后面添加下面的配置：
    proc /linoxide/proc proc defaults 0 0
    sysfs /linoxide/sys sysfs defaults 0 0
 保存并关闭文件。
 挂载一些文件系统到 chroot 环境：
    $ sudo mount proc /linoxide/proc -t proc
    $ sudo mount sysfs /linoxide/sys -t sysfs
 复制 /etc/hosts 文件到 chroot 环境，这样 chroot 环境就可以使用网络了：
    $ sudo cp /etc/hosts /linoxide/etc/hosts
 最后使用 schroot -l 命令列出系统上所有的 chroot 环境：
    $ schroot -l
 使用下面的命令进入 chroot 环境：
    $ sudo chroot /linoxide/ /bin/bash
 测试安装的版本：
    # lsb_release -a
    # uname -a
 为了在 chroot 环境中使用图形界面，你需要设置 DISPLAY 环境变量：
    $ DISPLAY=:0.0 ./apps
 目前为止，我已经成功地在 Ubuntu 14.04 LTS 上安装了 Ubuntu 13.10。
 退出 chroot 环境：
    # exit
 清理一下，卸载文件系统：
    $ sudo umount /test/proc
    $ sudo umount /test/sys
 --------------------------------------------------------------------------------
 via: http://linoxide.com/ubuntu-how-to/configure-chroot-environment-ubuntu-14-04/
 作者：[Arun Pyasi][a]
 译者：[bazz2](https://github.com/bazz2)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
 [a]:http://linoxide.com/author/arunp/
 [1]:https://launchpad.net/ubuntu/+archivemirrors