The basic steps to create a chroot jail are:
Create the chroot directory
Install a shell/interpreter
Install the shell/interpreter's dependencies
Caveat: Root privileges are needed to create a chroot (either run su to log in as root, or prefix each command with sudo).
1. Create the chroot directory
Caveat: This is an example. The reader should replace '/chroot' with the file path to their chroot and 'jail' with the name of their chroot.
Code:
# create the chroot directory
mkdir -p /chroot/jail ; wait ;
# optionally set file permissions
chown -v 0:0 /chroot/jail ; wait ;
chmod -v 0751 /chroot/jail ; wait ;
2. Install a shell or an interpreter
Caveat: For this example the shell will be bash.
Copy the actual bash binary to the corresponding chroot directory.
Code:
# make the corresponding file hierarchy in the chroot
mkdir -vp "/chroot/jail$(dirname "$(which bash)")" ; wait ;
# copy the bash binary to the same path inside the chroot
cp -pvf "$(which bash)" "/chroot/jail$(which bash)" ; wait ;
3. Install the shell's (or the interpreter's) dependencies
Find the actual bash dependencies.
Use the ldd command (or otool on Darwin) to find the dependencies of bash. Please note, the results will vary as the dependencies are very platform dependent.
Caveat: This is only an example.
Linux:
ldd /bin/bash
linux-vdso.so.1 => (0xXXXXXXXXXXXXXXXX)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0xXXXXXXXXXXXXXXXX)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0xXXXXXXXXXXXXXXXX)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0xXXXXXXXXXXXXXXXX)
/lib64/ld-linux-x86-64.so.2 (0xXXXXXXXXXXXXXXXX)
Raspbian:
El Capitan:
otool -L /bin/bash
/bin/bash:
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1225.0.0)
Yosemite and earlier:
otool -L /bin/bash | grep \ name
name /usr/lib/dyld (offset XX)
name /usr/lib/libncurses.5.4.dylib (offset XX)
name /usr/lib/libSystem.B.dylib (offset XX)
Copy all of the dependencies to the corresponding chroot directories. The ldd command provides the full path to each dependency. Note: Some systems have recursive dependencies; that is, some dependencies in turn have additional dependencies. Be sure to check all dependencies.
Raspbian example:
# make the corresponding file hierarchy in the chroot
mkdir -vp /chroot/jail/lib/arm-linux-gnueabihf/ ; wait ;
# ../ld-linux-armhf.so.3 resolves to /lib/ld-linux-armhf.so.3 (the dynamic loader)
for EACH_DEPENDENCY in libncurses.so.5 libtinfo.so.5 libdl.so.2 libc.so.6 ../ld-linux-armhf.so.3
do
    # install the dependency
    cp -pvf "/lib/arm-linux-gnueabihf/$EACH_DEPENDENCY" "/chroot/jail/lib/arm-linux-gnueabihf/$EACH_DEPENDENCY" ; wait ;
done
# make the corresponding file hierarchy in the chroot
mkdir -vp /chroot/jail/usr/lib/arm-linux-gnueabihf/ ; wait ;
# install the remaining dependency
cp -pvf /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so /chroot/jail/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so ; wait ;
4. Use the chroot
Chroot into the chroot jail.
Entry Code:
# run bash in the chroot
chroot /chroot/jail/ bash --login
Exit Code:
# to exit from bash within the chroot
exit
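Steps 2 and 3 as one script, an added example that is not part of the original page: it parses the ldd output instead of hard-coding library names, refuses to continue when ldd reports an unresolved library, and copies each file to the same path inside the chroot. The function names and the SAMPLE_LDD variable are assumptions made for this example; the sample text is the Linux ldd output shown in step 3.

```shell
#!/bin/sh
# Added example: function names and SAMPLE_LDD are assumptions, not from the page.

# Constructed sample: the Linux ldd output shown in step 3.
SAMPLE_LDD='    linux-vdso.so.1 =>  (0xXXXXXXXXXXXXXXXX)
    libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0xXXXXXXXXXXXXXXXX)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0xXXXXXXXXXXXXXXXX)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0xXXXXXXXXXXXXXXXX)
    /lib64/ld-linux-x86-64.so.2 (0xXXXXXXXXXXXXXXXX)'

# Read ldd output on stdin and print each absolute library path once, in order.
# Handles "name => /path (addr)" and bare "/path (addr)" lines; entries with no
# file on disk (linux-vdso) and "=> not found" lines produce no output.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { p = $3 }
        $2 != "=>" && $1 ~ /^\// { p = $1 }
        p != "" && !seen[p]++    { print p }
                                 { p = "" }
    '
}

# Copy one file into the jail under the same absolute path.
# $1 = jail root, $2 = absolute source path. cp follows symlinks here, so the
# jail receives a regular file under the name the loader will look up.
install_into_jail() {
    mkdir -p "$1$(dirname "$2")" && cp -pf "$2" "$1$2"
}

# Copy a binary and every library ldd reports for it into the jail.
# $1 = jail root (for example /chroot/jail), $2 = command name (for example bash).
populate_jail() {
    bin=$(command -v "$2") || return 1
    deps=$(ldd "$bin") || return 1
    # A missing library would leave a shell that cannot start inside the jail.
    if printf '%s\n' "$deps" | grep -q 'not found'; then
        echo "unresolved dependency for $bin" >&2
        return 1
    fi
    install_into_jail "$1" "$bin" || return 1
    printf '%s\n' "$deps" | ldd_paths | while read -r lib; do
        install_into_jail "$1" "$lib" || exit 1
    done
}

# Demonstration on the constructed sample; needs neither root nor a real jail.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

As root, populate_jail /chroot/jail bash replaces the manual copy commands of steps 2 and 3 on a Linux system; on Darwin the otool -L output has a different layout and needs its own parser.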