16

I am trying to write a bootstrapper for a minimal, from-source linux distribution.

I would like to build in a chroot-like environment. This should simplify packaging. I do not care about security at this point. The bootstrapper should not require any non-standard third-party commands. It would be great if there is no need to be root, either.

This is why fakechroot(1) fakeroot(1) chroot(1) is not exactly what I am looking for.

Is it possible to fake / using unshare(1) and /bin/sh?

Rooties
  • 161
  • AFAICS, unshare(1) is a rather thin wrapper around a collection of root-only system calls, and (at least on Fedora 18) it isn't SUID, so I doubt very much that that will work for non-root users. – vonbrand Feb 25 '13 at 19:50
  • Oh, that's a shame. I was under the impression unshare is setuid. I guess I am fine with being root. – Rooties Feb 25 '13 at 19:53
  • 4
    With the release of the new Linux 3.8 kernel, you can use namespace features as non-root. But this is shiny new stuff: you need a uid namespace first, and unshare does not support that yet. And your actions will still be limited. – BatchyX Feb 25 '13 at 20:35

3 Answers3

8

Yes. If your kernel supports user_namespaces (and they are enabled), you can first "simulate the root" user, which then gets the right to invoke chroot (as a real root user). (Which previously needed to be restricted only to the root user because of a possibility for privilege escalation by a normal user (say, through set-UID-root binaries and custom libraries in the chroot directory).)

You can try this in your shell:

unshare --user --map-root-user --mount-proc --pid --fork
/sbin/chroot ......
su - user1
3

I recently researched how to do this in various Linux distros. The simplest way found was:

unshare -r chroot <target_folder> <command_w_path>

For chroot to work, the proper libraries and their paths need to be in the target folder. These can be ascertained by using ldd <command_w_path> and then copying them with their paths into the target folder. There were minor differences between the distros, for instance Arch Linux needed a symlink from usr/lib to lib to work.

1

Just bundle or install fakeroot/fakechroot, since they are already perfectly appropriate for this. Look at cdebootstrap for inspiration.

Tobu
  • 6,593