I am trying to write a bootstrapper for a minimal, from-source linux distribution.
I would like to build in a chroot-like environment. This should simplify packaging. I do not care about security at this point. The bootstrapper should not require any non-standard third-party commands. It would be great if there is no need to be root, either.
This is why fakechroot(1) fakeroot(1) chroot(1) is not exactly what I am looking for.
Is it possible to fake / using unshare(1) and /bin/sh?
Yes. If your kernel supports user_namespaces (and they are enabled), you can first "simulate the root" user, which then gets the right to invoke chroot (as a real root user). (Which previously needed to be restricted only to the root user because of a possibility for privilege escalation by a normal user (say, through set-UID-root binaries and custom libraries in the chroot directory).)
You can try this in your shell:
unshare --user --map-root-user --mount-proc --pid --fork
/sbin/chroot ......
su - user1
unshare from util-linux-2.30.2-alt1
– imz -- Ivan Zakharyaschev
Apr 06 '18 at 13:19
I recently researched how to do this in various Linux distros. The simplest way found was:
unshare -r chroot <target_folder> <command_w_path>
For chroot to work, the proper libraries and their paths need to be in the target folder. These can be ascertained by using ldd <command_w_path> and then copying them with their paths into the target folder. There were minor differences between the distros, for instance Arch Linux needed a symlink from usr/lib to lib to work.
Just bundle or install fakeroot/fakechroot, since they are already perfectly appropriate for this. Look at cdebootstrap for inspiration.
unshare(1)is a rather thin wrapper around a collection of root-only system calls, and (at least on Fedora 18) it isn't SUID, so I doubt very much that that will work for non-root users. – vonbrand Feb 25 '13 at 19:50