12

I need to be able to provide the /bin and /lib directories inside a chroot jail so that programs can dynamically link properly.

Is there a way to accomplish this without making a copy of the /bin and /lib dirs to the chroot jail?

I've tried symlinks, and they don't work from inside chroot jails, and directories can not be hardlinked.

3 Answers

16

You could use mount to remount the directories you need in your jail:

# mount --bind /bin /chroot/bin
# mount --bind /lib /chroot/lib
# chroot /chroot

For use in /etc/fstab:

/bin /chroot/bin none bind
/lib /chroot/lib none bind

Cheers!

jgr
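A check that goes with the bind-mount approach above, as an added example that is not part of the original answers: a plain `mount --bind` of /bin and /lib is writable from inside the jail, so root in the chroot can alter the host's binaries through it. The function below lists mounts under a jail directory that are still writable; its name and the mountinfo sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mounts at or below a jail directory that are still
# writable, using the /proc/self/mountinfo format described in proc(5).

# Constructed sample in mountinfo format (not taken from a real host).
SAMPLE_MOUNTINFO='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
36 25 8:1 /bin /chroot/bin rw,relatime shared:1 - ext4 /dev/sda1 rw
37 25 8:1 /lib /chroot/lib ro,relatime shared:1 - ext4 /dev/sda1 rw
38 25 8:1 /bin /chroot2/bin rw,relatime shared:1 - ext4 /dev/sda1 rw'

# writable_jail_mounts JAIL  (hypothetical helper; mountinfo text on stdin)
# Prints the mount point (field 5) of every mount at or under JAIL whose
# per-mount options (field 6) lack "ro". A read-only bind remount changes
# field 6 only; the superblock options after " - " stay "rw" for the host
# filesystem, so they are deliberately not consulted.
writable_jail_mounts() {
    awk -v jail="${1%/}" '
        # Match the jail itself or paths below it, but not /chroot2 for /chroot.
        $5 == jail || index($5, jail "/") == 1 {
            n = split($6, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) print $5
        }'
}

# Remediation for each path reported (run as root):
#   mount -o remount,bind,ro /chroot/bin
#
# On a live system:
#   writable_jail_mounts /chroot < /proc/self/mountinfo

# Demo on the constructed sample: only /chroot/bin is reported.
printf '%s\n' "$SAMPLE_MOUNTINFO" | writable_jail_mounts /chroot
```
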
3

If you didn't want to mount the directories as jgr said, you can use cp to recursively copy directories and create hardlinks for all files:

cp -alf /bin /chroot/bin
cp -alf /lib /chroot/lib
chroot /chroot

This way your chroot's /bin and /lib can have slightly different structure / contents than the main directories.

Josh
    Good idea, but if the /chroot is on a different device this won't work. You can't hardlink across devices. – AllenKll May 06 '16 at 18:23
1
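#!/bin/bash

# Directory of the chroot jail; must be set by the caller.
: "${JAIL:?set JAIL to the chroot directory}"

# Copy a file into the jail together with every shared library ldd reports.
# Run ldd only on trusted binaries: it may execute code from the file it inspects.
copy_file_and_dependencies() {
    PROGRAM="$1"
    # Take the path after "=>" and also bare absolute paths (the dynamic
    # loader is listed without "=>"). Non-ELF files yield no dependencies.
    DEPENDENCIES="$(ldd "$PROGRAM" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// { print $3 } $1 ~ /^\// { print $1 }')"

    mkdir -p "${JAIL}$(dirname "$PROGRAM")"
    cp -Lv "$PROGRAM" "${JAIL}${PROGRAM}"

    for f in $DEPENDENCIES; do
        mkdir -p "${JAIL}$(dirname "$f")"
        cp -Lv "$f" "${JAIL}${f}"
    done
}

export -f copy_file_and_dependencies

copy_file_and_dependencies /etc/ld.so.cache
copy_file_and_dependencies /bin/sh
# ...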
mcandre
    The intent of the question seems to be to provide access to the existing files rather than copying them into the chroot. – psusi May 18 '15 at 02:04