Intro To 'chroot' Command In Linux

2023-06-23 - By Robert Elder

     I use the 'chroot' command to run programs with a different root directory:

sudo chroot /path/to/chroot/environment my-fun-program

Purpose Of 'chroot' Command

     The 'chroot' command is the simplest and earliest form of container software, that dates back as early as Unix version 7 which ran on the PDP-11 in 1979.

     The primary uses of the 'chroot' command are for creating cross-compilers, operating system development and other non-security related isolation tasks.

The Simplest 'chroot' Environment Setup

     If I create a temporary directory at this location:

mkdir /tmp/my-example-chroot

     I can try to set up an isolated self-contained chroot environment at the location '/tmp/my-example-chroot'.

     First, I'll move to this directory:

cd /tmp/my-example-chroot

     and create these system folders:

mkdir bin lib64 lib

     Then, I'll copy the 'bash' shell and 'ls' programs into the 'bin' folder:

cp -v /bin/{bash,ls} bin/

     This chroot environment won't work yet, but I can try to start it anyway:

sudo chroot /tmp/my-example-chroot

     As expected, I get the following error message:

#chroot: failed to run command ‘/bin/bash’: No such file or directory

Identifying Dependencies For A 'chroot' Environment

     I need to use 'ldd' command to identify the dependencies of bash and ls:

ldd /bin/bash /bin/ls

     On my machine, I get the following output:

/bin/bash:
	linux-vdso.so.1 (0x00007fff78519000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007fafcef6a000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fafcef64000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fafced72000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fafcf0df000)
/bin/ls:
	linux-vdso.so.1 (0x00007ffcc5386000)
	libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f1b81e35000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b81c43000)
	libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f1b81bb2000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1b81bac000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1b81e9e000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1b81b89000)

     The output for you will probably differ slightly.  From the above output, I see the following list of dependencies that need to be copied into my chroot environment before it will work:

/lib64/ld-linux-x86-64.so.2
/lib/x86_64-linux-gnu/libc.so.6
/lib/x86_64-linux-gnu/libdl.so.2
/lib/x86_64-linux-gnu/libpcre2-8.so.0
/lib/x86_64-linux-gnu/libpthread.so.0
/lib/x86_64-linux-gnu/libselinux.so.1
/lib/x86_64-linux-gnu/libtinfo.so.6

     Now, I can use the following 'cp' commands to copy the dependencies listed above into the chroot environment:

cp -v /lib64/ld-linux-x86-64.so.2 lib64
cp -v /lib/x86_64-linux-gnu/{libc.so.6,libdl.so.2,libpcre2-8.so.0,libpthread.so.0,libselinux.so.1,libtinfo.so.6} lib

     Now, I can try running the chroot environment again:

sudo chroot /tmp/my-example-chroot

     This time it works! However, this 'chroot' environment only contains the 'ls' and 'bash' programs, so it isn't very useful.  If I try running other commands like these ones:

cp
rm
mv

     I'll see error messages:

bash: cp: command not found
bash: rm: command not found
bash: mv: command not found

     This is expected because I didn't add the 'cp', 'rm' or 'mv' commands to the 'chroot' environment, so they are not accessible.  If you wanted to add them, you'd have to copy them in individually and also use the 'ldd' command to make sure you also bring in their dependencies.

     And that's why the 'chroot' command is my favourite Linux command.