Version 3 (modified by Edwin Eefting, 12 years ago)

Setting up a basic chroot environment on Fedora Core

Setting up a basic chroot environment normally involves a lot of copying and puzzling.

However, yum has a handy --installroot option that does all of this automatically and cleanly.

All that a minimal environment needs is bash and all of its dependencies. We try to install these as follows:

[root@localhost ~]# yum --installroot=/chrootedlogin install bash
removing mirrorlist with no valid mirrors: /chrootedlogin/var/cache/yum/fedora/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: fedora. Please verify its path and try again
[root@localhost ~]# cp /var/cache/yum/fedora/mirrorlist.txt /chrootedlogin/var/cache/yum/fedora/mirrorlist.txt
[root@localhost ~]# yum --installroot=/chrootedlogin install bash
fedora                                                                                                 | 2.4 kB     00:00
primary.sqlite.bz2                                                                                     | 6.1 MB     00:09
removing mirrorlist with no valid mirrors: /chrootedlogin/var/cache/yum/updates/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: updates. Please verify its path and try again
You have new mail in /var/spool/mail/root
[root@localhost ~]# cp /var/cache/yum/updates/mirrorlist.txt /chrootedlogin/var/cache/yum/updates/mirrorlist.txt

We copy the missing files from the host system until yum works. (These are only 2 mirrorlist files.)

After this, the installation of bash succeeds:

[root@localhost ~]# yum --installroot=/chrootedlogin install bash
updates                                                                                                | 2.6 kB     00:00
primary.sqlite.bz2                                                                                     | 9.1 kB     00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package bash.i386 0:3.2-22.fc9 set to be updated
--> Processing Dependency: libc.so.6(GLIBC_2.2) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: bash
--> Processing Dependency: rtld(GNU_HASH) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.1) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.3.4) for package: bash
--> Processing Dependency: mktemp for package: bash
--> Processing Dependency: libtinfo.so.5 for package: bash
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: bash
--> Processing Dependency: libc.so.6 for package: bash
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: bash
--> Processing Dependency: ncurses for package: bash
--> Processing Dependency: libdl.so.2 for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.0) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.3) for package: bash
--> Running transaction check
---> Package ncurses-libs.i386 0:5.6-16.20080301.fc9 set to be updated
--> Processing Dependency: ncurses-base = 5.6-16.20080301.fc9 for package: ncurses-libs
---> Package glibc.i686 0:2.8-3 set to be updated
--> Processing Dependency: basesystem for package: glibc
--> Processing Dependency: libgcc for package: glibc
--> Processing Dependency: glibc-common = 2.8-3 for package: glibc
---> Package coreutils.i386 0:6.10-18.fc9 set to be updated
--> Processing Dependency: libacl.so.1 for package: coreutils
--> Processing Dependency: libacl.so.1(ACL_1.0) for package: coreutils
--> Processing Dependency: /sbin/install-info for package: coreutils
--> Processing Dependency: libpam.so.0 for package: coreutils
--> Processing Dependency: libselinux.so.1 for package: coreutils
--> Processing Dependency: grep for package: coreutils
--> Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: coreutils
--> Processing Dependency: libselinux >= 1.25.6-1 for package: coreutils
--> Processing Dependency: libpam_misc.so.0 for package: coreutils
--> Processing Dependency: pam >= 0.66-12 for package: coreutils
--> Processing Dependency: libpam_misc.so.0(LIBPAM_MISC_1.0) for package: coreutils
---> Package ncurses.i386 0:5.6-16.20080301.fc9 set to be updated
--> Running transaction check
---> Package pam.i386 0:1.0.1-2.fc9 set to be updated
--> Processing Dependency: audit-libs >= 1.0.8 for package: pam
--> Processing Dependency: cracklib-dicts >= 2.8 for package: pam
--> Processing Dependency: libaudit.so.0 for package: pam
--> Processing Dependency: cracklib for package: pam
--> Processing Dependency: libcrack.so.2 for package: pam
---> Package libselinux.i386 0:2.0.61-1.fc9 set to be updated
--> Processing Dependency: libsepol >= 2.0.18-2 for package: libselinux
---> Package libacl.i386 0:2.2.47-1.fc9 set to be updated
--> Processing Dependency: libattr.so.1(ATTR_1.0) for package: libacl
--> Processing Dependency: libattr.so.1 for package: libacl
---> Package basesystem.noarch 0:8.1-1 set to be updated
--> Processing Dependency: filesystem for package: basesystem
--> Processing Dependency: setup for package: basesystem
---> Package info.i386 0:4.11-5.fc9 set to be updated
--> Processing Dependency: libz.so.1 for package: info
---> Package glibc-common.i386 0:2.8-3 set to be updated
--> Processing Dependency: tzdata >= 2003a for package: glibc-common
---> Package libgcc.i386 0:4.3.0-8 set to be updated
---> Package ncurses-base.i386 0:5.6-16.20080301.fc9 set to be updated
---> Package grep.i386 0:2.5.1-59.fc9 set to be updated
--> Processing Dependency: libpcre.so.0 for package: grep
--> Running transaction check
---> Package libattr.i386 0:2.4.41-1.fc9 set to be updated
---> Package audit-libs.i386 0:1.7.2-6.fc9 set to be updated
---> Package setup.noarch 0:2.6.14-1.fc9 set to be updated
---> Package filesystem.i386 0:2.4.13-1.fc9 set to be updated
---> Package zlib.i386 0:1.2.3-18.fc9 set to be updated
---> Package cracklib-dicts.i386 0:2.8.12-2 set to be updated
---> Package pcre.i386 0:7.3-3.fc9 set to be updated
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package: pcre
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4.9) for package: pcre
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4) for package: pcre
--> Processing Dependency: libstdc++.so.6 for package: pcre
---> Package tzdata.noarch 0:2008b-1.fc9 set to be updated
---> Package cracklib.i386 0:2.8.12-2 set to be updated
---> Package libsepol.i386 0:2.0.26-1.fc9 set to be updated
--> Running transaction check
---> Package libstdc++.i386 0:4.3.0-8 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 bash                    i386       3.2-22.fc9       fedora            1.8 M
Installing for dependencies:
 audit-libs              i386       1.7.2-6.fc9      fedora             74 k
 basesystem              noarch     8.1-1            fedora            2.9 k
 coreutils               i386       6.10-18.fc9      fedora            4.4 M
 cracklib                i386       2.8.12-2         fedora             47 k
 cracklib-dicts          i386       2.8.12-2         fedora            3.7 M
 filesystem              i386       2.4.13-1.fc9     fedora            119 k
 glibc                   i686       2.8-3            fedora            5.5 M
 glibc-common            i386       2.8-3            fedora             21 M
 grep                    i386       2.5.1-59.fc9     fedora            182 k
 info                    i386       4.11-5.fc9       fedora            167 k
 libacl                  i386       2.2.47-1.fc9     fedora             22 k
 libattr                 i386       2.4.41-1.fc9     fedora             13 k
 libgcc                  i386       4.3.0-8          fedora             45 k
 libselinux              i386       2.0.61-1.fc9     fedora            116 k
 libsepol                i386       2.0.26-1.fc9     fedora            129 k
 libstdc++               i386       4.3.0-8          fedora            317 k
 ncurses                 i386       5.6-16.20080301.fc9  fedora            169 k
 ncurses-base            i386       5.6-16.20080301.fc9  fedora             59 k
 ncurses-libs            i386       5.6-16.20080301.fc9  fedora            326 k
 pam                     i386       1.0.1-2.fc9      fedora            1.1 M
 pcre                    i386       7.3-3.fc9        fedora            140 k
 setup                   noarch     2.6.14-1.fc9     fedora            140 k
 tzdata                  noarch     2008b-1.fc9      fedora            752 k
 zlib                    i386       1.2.3-18.fc9     fedora             74 k

Transaction Summary
=============================================================================
Install     25 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 41 M
Is this ok [y/N]: y
Downloading Packages:
(1/25): basesystem-8.1-1.noarch.rpm                                                                    | 2.9 kB     00:00
(2/25): libattr-2.4.41-1.fc9.i386.rpm                                                                  |  13 kB     00:00
(3/25): libacl-2.2.47-1.fc9.i386.rpm                                                                   |  22 kB     00:00
(4/25): libgcc-4.3.0-8.i386.rpm                                                                        |  45 kB     00:00
(5/25): cracklib-2.8.12-2.i386.rpm                                                                     |  47 kB     00:00
(6/25): ncurses-base-5.6-16.20080301.fc9.i386.rpm                                                      |  59 kB     00:00
(7/25): audit-libs-1.7.2-6.fc9.i386.rpm                                                                |  74 kB     00:00
(8/25): zlib-1.2.3-18.fc9.i386.rpm                                                                     |  74 kB     00:00
(9/25): libselinux-2.0.61-1.fc9.i386.rpm                                                               | 116 kB     00:00
(10/25): filesystem-2.4.13-1.fc9.i386.rpm                                                              | 119 kB     00:00
(11/25): libsepol-2.0.26-1.fc9.i386.rpm                                                                | 129 kB     00:00
(12/25): setup-2.6.14-1.fc9.noarch.rpm                                                                 | 140 kB     00:00
(13/25): pcre-7.3-3.fc9.i386.rpm                                                                       | 140 kB     00:00
(14/25): info-4.11-5.fc9.i386.rpm                                                                      | 167 kB     00:00
(15/25): ncurses-5.6-16.20080301.fc9.i386.rpm                                                          | 169 kB     00:00
(16/25): grep-2.5.1-59.fc9.i386.rpm                                                                    | 182 kB     00:00
(17/25): libstdc++-4.3.0-8.i386.rpm                                                                    | 317 kB     00:00
(18/25): ncurses-libs-5.6-16.20080301.fc9.i386.rpm                                                     | 326 kB     00:00
(19/25): tzdata-2008b-1.fc9.noarch.rpm                                                                 | 752 kB     00:01
(20/25): pam-1.0.1-2.fc9.i386.rpm                                                                      | 1.1 MB     00:02
(21/25): bash-3.2-22.fc9.i386.rpm                                                                      | 1.8 MB     00:02
(22/25): cracklib-dicts-2.8.12-2.i386.rpm                                                              | 3.7 MB     00:06
(23/25): coreutils-6.10-18.fc9.i386.rpm                                                                | 4.4 MB     00:08
(24/25): glibc-2.8-3.i686.rpm                                                                          | 5.5 MB     00:10
(25/25): glibc-common-2.8-3.i386.rpm                                                                   |  21 MB     00:38
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora@redhat.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
Is this ok [y/N]: y
Importing GPG key 0xDB42A60E "Red Hat, Inc <security@redhat.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : setup                                           [ 1/25]
  Installing     : filesystem                                      [ 2/25]
  Installing     : basesystem                                      [ 3/25]
  Installing     : ncurses-base                                    [ 4/25]
  Installing     : tzdata                                          [ 5/25]
  Installing     : libgcc                                          [ 6/25]
  Installing     : glibc                                           [ 7/25]
  Installing     : ncurses-libs                                    [ 8/25]
  Installing     : ncurses                                         [ 9/25]
  Installing     : bash                                            [10/25]
  Installing     : cracklib                                        [11/25]
  Installing     : libsepol                                        [12/25]
  Installing     : libselinux                                      [13/25]
  Installing     : libattr                                         [14/25]
  Installing     : libacl                                          [15/25]
  Installing     : libstdc++                                       [16/25]
  Installing     : pcre                                            [17/25]
  Installing     : glibc-common                                    [18/25]
  Installing     : zlib                                            [19/25]
  Installing     : info                                            [20/25]
  Installing     : grep                                            [21/25]
  Installing     : audit-libs                                      [22/25]
  Installing     : cracklib-dicts                                  [23/25]
  Installing     : coreutils                                       [24/25]
  Installing     : pam                                             [25/25]

Installed: bash.i386 0:3.2-22.fc9
Dependency Installed: audit-libs.i386 0:1.7.2-6.fc9 basesystem.noarch 0:8.1-1 coreutils.i386 0:6.10-18.fc9 cracklib.i386 0:2.8.12-2 cracklib-dicts.i386 0:2.8.12-2 filesystem.i386 0:2.4.13-1.fc9 glibc.i686 0:2.8-3 glibc-common.i386 0:2.8-3 grep.i386 0:2.5.1-59.fc9 info.i386 0:4.11-5.fc9 libacl.i386 0:2.2.47-1.fc9 libattr.i386 0:2.4.41-1.fc9 libgcc.i386 0:4.3.0-8 libselinux.i386 0:2.0.61-1.fc9 libsepol.i386 0:2.0.26-1.fc9 libstdc++.i386 0:4.3.0-8 ncurses.i386 0:5.6-16.20080301.fc9 ncurses-base.i386 0:5.6-16.20080301.fc9 ncurses-libs.i386 0:5.6-16.20080301.fc9 pam.i386 0:1.0.1-2.fc9 pcre.i386 0:7.3-3.fc9 setup.noarch 0:2.6.14-1.fc9 tzdata.noarch 0:2008b-1.fc9 zlib.i386 0:1.2.3-18.fc9
Complete!

Now we can test our chroot environment:

[root@localhost ~]# chroot /chrootedlogin/
bash-3.2# ls /
bin  boot  chrootedlogin  dev  etc  home  lib  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var

We now have a basic environment that can, in principle, be logged into.

Logging in to the chroot environment

This is done by simply editing /etc/ssh/sshd_config.

In it, set ChrootDirectory to /chrootedlogin.

Everyone who now logs in via ssh ends up in this directory. That includes the root user!
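
Added example (not part of the original wiki page): a shell check to run before pointing ChrootDirectory at /chrootedlogin. sshd refuses a chroot whose path has any component that is not root-owned or that is writable by group or others. The function names are hypothetical, GNU stat is assumed, and the group name in the closing comment is an assumption.

```shell
#!/bin/sh
# Added example: audit a directory before naming it in sshd's ChrootDirectory.
# sshd_config(5) requires every component of the path to be a root-owned
# directory that is not writable by any other user or group.

# component_ok UID MODE: succeed if the owner is root (uid 0) and the octal
# MODE (as printed by stat, e.g. 755 or 1777) has no group/other write bit.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk from DIR up to /, report each failing component.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 1; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$p")    # GNU stat: owner uid, octal mode
        if ! component_ok "$1" "$2"; then
            echo "FAIL $p (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check-chroot.sh /chrootedlogin
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 meets the ChrootDirectory path rules"
fi

# To chroot only one group instead of every login, root included, sshd_config
# accepts a Match block (the group name "chrootusers" is an assumption):
#   Match Group chrootusers
#       ChrootDirectory /chrootedlogin
```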