1SCHROOT(1)                       Debian sbuild                      SCHROOT(1)
2
3
4

NAME

6       schroot - securely enter a chroot environment
7

SYNOPSIS

9       schroot  [-h|--help | -V|--version  | -l|--list | -i|--info  | --config
10       |  --location    |  --automatic-session      |   -b|--begin-session   |
11       --recover-session   | -r|--run-session | -e|--end-session] [-f|--force]
12       [-n  session-name|--session-name=session-name]  [-d  directory|--direc‐
13       tory=directory]  [-u  user|--user=user] [-p|--preserve-environment] [-s
14       shell|--shell=shell]     [-q|--quiet      |      -v|--verbose]      [-c
15       chroot|--chroot=chroot  | [--all | --all-chroots | --all-source-chroots
16       |  --all-sessions]  [--exclude-aliases]]  [-o|--option=key=value]  [--]
17       [COMMAND [ ARG1 [ ARG2 [ ARGn]]]]
18

DESCRIPTION

20       schroot  allows  the user to run a command or a login shell in a chroot
21       environment.  If no command is specified, a login shell will be started
22       in the user's current working directory inside the chroot.
23
24       The  command is a program, plus as many optional arguments as required.
25       Each argument may be separately quoted.
26
27       The directory the command or login shell is run  in  depends  upon  the
28       context.  See --directory option below for a complete description.
29
30       All chroot usage will be logged in the system logs.  Under some circum‐
31       stances, the user may be required to authenticate themselves;  see  the
32       section “Authentication”, below.
33
34       If  no  chroot is specified, the chroot name or alias ‘default’ will be
35       used as a fallback.  This is equivalent to “--chroot=default”.
36

OVERVIEW

38       There is often a need to run  programs  in  a  virtualised  environment
39       rather  than  on the host system directly.  Unlike other virtualisation
40       systems such as kvm or Xen, schroot does not virtualise the entire sys‐
41       tem; it only virtualises the filesystem, and some parts of the filesys‐
42       tem may still be shared with the host.  It is  therefore  fast,  light‐
43       weight  and flexible.  However, it does not virtualise other aspects of
44       the system, such as shared memory, networking, devices etc., and so may
45       be  less  secure  than  other systems, depending upon its intended use.
46       Some examples of existing uses for schroot include:
47
48       ·      Running an untrusted program in a  sandbox,  so  that  it  can't
49              interfere  with  files on the host system; this may also be used
50              to limit the damage a compromised service can inflict  upon  the
51              host
52
53       ·      Using  a  defined  or clean environment, to guarantee the repro‐
54              ducibility and integrity of a given task
55
56       ·      Using different versions of an operating system, or even differ‐
57              ent  operating systems altogether, e.g. different GNU/Linux dis‐
58              tributions
59
60       ·      Running 32-bit programs using a 32-bit chroot on a  64-bit  host
61              system
62
63       ·      Automatic  building  of  Debian  packages using sbuild(1), which
64              builds each package in a pristine chroot snapshot when using LVM
65              snapshots or unions
66
67       ·      Supporting multiple system images in a cluster setup, where mod‐
68              ifying the base image is time-consuming  and/or  supporting  all
69              the  required  configurations needed by users is difficult: dif‐
70              ferent chroots can  support  all  the  different  configurations
71              required,  and  cluster users may be given access to the chroots
72              they need (which can include root access for  trusted  users  to
73              maintain their own images)
74
75       A  chroot may be used directly as root by running chroot(8), but normal
76       users are not able to use  this  command.   schroot  allows  access  to
77       chroots  for  normal  users  using the same mechanism, but with several
78       additional features.  While schroot uses a directory as a  chroot  just
79       like  chroot(8),  it does not require this to be a regular directory in
80       the filesystem.  While this is the default, the chroot can also be cre‐
81       ated  from  a file, a filesystem, including LVM and Btrfs snapshots and
82       loopback mounts, or composed of a unionfs overlay.  Being user-extensi‐
83       ble,  the  scope for creating chroots from different sources is limited
84       only by your imagination.  schroot performs  permissions  checking  and
85       allows  additional  automated  setup of the chroot environment, such as
86       mounting additional filesystems and other  configuration  tasks.   This
87       automated  setup  is done through the action of setup scripts which may
88       be customised and extended to perform any  actions  required.   Typical
89       actions include mounting the user's home directory, setting up network‐
90       ing and system databases, and even starting  up  services.   These  are
91       again  entirely  customisable  by the admin.  The setup scripts are run
92       for all types of chroot, with the exception of the  ‘plain’  type,  the
93       simplest chroot type, offering no automated setup features at all.  The
94       configuration of schroot is covered in more detail in schroot.conf(5).
95

OPTIONS

97       schroot accepts the following options:
98
99   Actions
100       -h, --help
101              Show help summary.
102
103       -V, --version
104              Print version information.
105
106       -l, --list
107              List all available chroots.
108
109       -i, --info
110              Print detailed information about the specified chroots.
111
112       --config
113              Print configuration of the specified chroots.   This  is  useful
114              for  testing  that  the  configuration in use is the same as the
115              configuration file.  Any comments in the original file  will  be
116              missing.
117
118       --location
119              Print  location  (path)  of  the  specified  chroots.  Note that
120              chroot types which can only be used within a  session  will  not
121              have a location until they are active.
122
123   General options
124       -q, --quiet
125              Print only essential messages.
126
127       -v, --verbose
128              Print all messages.
129
130   Chroot selection
131       -c, --chroot=chroot
132              Specify  a  chroot or active session to use.  This option may be
133              used multiple times to specify more than one  chroot,  in  which
134              case  its  effect  is  similar to --all.  The chroot name may be
135              prefixed with a namespace; see the section “Chroot  Namespaces”,
136              below.
137
138       -a, --all
139              Select  all chroots, source chroots and active sessions.  When a
140              command has been specified, the  command  will  be  run  in  all
141              chroots, source chroots and active sessions.  If --info has been
142              used, display information about all chroots.  This  option  does
143              not  make  sense  to use with a login shell (run when no command
144              has   been   specified).    This   option   is   equivalent   to
145              “--all-chroots --all-source-chroots --all-sessions”.
146
147       --all-chroots
148              Select  all  chroots.   Identical  to  --all, except that source
149              chroots and active sessions are not considered.
150
151       --all-sessions
152              Select all active sessions.  Identical  to  --all,  except  that
153              chroots and source chroots are not considered.
154
155       --all-source-chroots
156              Select  all  source  chroots.   Identical  to --all, except that
157              chroots and sessions are not considered.
158
159       --exclude-aliases
160              Do not select aliases in addition to chroots.  This ensures that
161              only real chroots are selected, and are only listed once.
162
163   Chroot environment
164       -d, --directory=directory
165              Change to directory inside the chroot before running the command
166              or login shell.  If directory is  not  available,  schroot  will
167              exit with an error status.
168
169              The  default  behaviour  is  as follows (all directory paths are
170              inside the chroot).  A login shell is run in the current working
171              directory.   If  this  is not available, it will try $HOME (when
172              --preserve-environment is used), then the user's home directory,
173              and / inside the chroot in turn.  A command is always run in the
174              current working directory inside the chroot.   If  none  of  the
175              directories  are available, schroot will exit with an error sta‐
176              tus.
177
178       -u, --user=user
179              Run as a different user.  The default is to run as  the  current
180              user.   If  required,  the  user may be required to authenticate
181              themselves with a password.  For further  information,  see  the
182              section “Authentication”, below.
183
184       -p, --preserve-environment
185              Preserve  the  user's environment inside the chroot environment.
186              The default is to use a clean environment;  this  option  copies
187              the  entire  user  environment  and sets it in the session.  The
188              environment variables allowed are subject  to  certain  restric‐
189              tions; see the section “Environment”, below.
190
191       -s, --shell=shell
192              Use shell as the login shell.  When running a login shell a num‐
193              ber of potential shells will be considered, in this  order:  the
194              command  in  the SHELL environment variable (if --preserve-envi‐
195              ronment is used, or preserve-environment is enabled), the user's
196              shell  in  the ‘passwd’ database, /bin/bash and finally /bin/sh.
197              This option overrides this list, and will use the  shell  speci‐
198              fied.   This  option also overrides the shell configuration key,
199              if set.
200
201       -o, --option=key=value
202              Set an option.  The value of selected configuration keys in sch‐
203              root.conf  may  be  modified using this option.  The key must be
204              present in the user-modifiable-keys configuration  key  in  sch‐
205              root.conf,  or additionally the user-modifiable-keys key if run‐
206              ning as (or switching to) the root user.  The key and value  set
207              here  will  be  set in the environment of the setup scripts, and
208              may hence be used to  customise  the  chroot  on  a  per-session
209              basis.
210
211   Session actions
212       --automatic-session
213              Begin, run and end a session automatically.  This is the default
214              action, so does not require specifying in normal operation.
215
216       -b, --begin-session
217              Begin a session.  A unique session identifier  (session  ID)  is
218              returned  on standard output.  The session ID is required to use
219              the other session options.  Note that the session identifier may
220              be specified with the --session-name option.
221
222       --recover-session
223              Recover  an existing session.  If an existing session has become
224              unavailable, for example becoming unmounted  due  to  a  reboot,
225              this  option  will make the session available for use again, for
226              example by remounting it.  The session ID is specified with  the
227              --chroot option.
228
229       -r, --run-session
230              Run  an  existing session.  The session ID is specified with the
231              --chroot option.
232
233       -e, --end-session
234              End an existing session.  The session ID is specified  with  the
235              --chroot option.
236
237   Session options
238       -n, --session-name=session-name
239              Name a session.  The specified session-name replaces the default
240              session name containing an automatically-generated  session  ID.
241              The  session  name must not contain a namespace qualifier, since
242              sessions are always created  within  the  ‘session:’  namespace.
243              The  session  name is also subject to the chroot naming restric‐
244              tions documented in schroot.conf(5).
245
246       -f, --force
247              Force a session operation, even  if  it  would  otherwise  fail.
248              This  may  be  used  to  forcibly  end a session, even if it has
249              active users.  This does not guarantee that the session will  be
250              ended cleanly; filesystems may not be unmounted, for example.
251
252   Separator
253       --     End  of  options.   Used  to  indicate  the  end  of the schroot
254              options; any following options will be  passed  to  the  command
255              being run, rather than to schroot.
256

AUTHENTICATION

258       If  the  user is not an allowed user, or a member of the allowed groups
259       (or if changing to root, the allowed root users or allowed root groups)
260       for the specified chroot(s), permission will be immediately denied.  If
261       switching users, and the user running the command has access, the  user
262       will  be  required  to authenticate themselves using the credentials of
263       the user being switched to.
264
265       On systems supporting Pluggable Authentication Modules  (PAM),  schroot
266       will  use  PAM  for  authentication and authorisation of users.  If and
267       when required, schroot will prompt for  a  password.   If  PAM  is  not
268       available,  all  authentication will automatically fail (user switching
269       is not supported without PAM).
270
271       Note that when PAM is in use, the root user is not granted any  special
272       privileges by default in the program.  However, the default PAM config‐
273       uration permits root to log in without a password (pam_rootok.so),  but
274       this  may be disabled to prevent root from accessing any chroots except
275       if specifically permitted.  In such a situation, root must be added  to
276       the  allowed users or groups as for any other user or group.  If PAM is
277       not available, the root user will be permitted to access  all  chroots,
278       even when not explicitly granted access.
279

CHROOT NAMESPACES

281   Namespace basics
282       There  are  three  different  types  of chroot: regular chroots, source
283       chroots and session chroots.  These different types of chroot are sepa‐
284       rated  into  different namespaces.  A namespace is a prefix to a chroot
285       name.  Currently there are three namespaces: ‘chroot:’,  ‘source:’  and
286       ‘session:’.   Use  --list  --all  to  list all available chroots in all
287       namespaces.  Because ‘:’ is used as the separator between namespace and
288       chroot  names,  it  is  not  permitted  to use this character in chroot
289       names.
290
291       Depending upon the action you request schroot to take, it may look  for
292       the  chroot  in  one of the three namespaces, or a particular namespace
293       may be specified.  For example, a chroot named “sid” is actually  named
294       “chroot:sid”  if  the  namespace  is included, but the namespace may be
295       omitted for most actions.
296
297   Source chroots
298       Some chroot types, for example LVM snapshots and Btrfs snapshots,  pro‐
299       vide session-managed copy-on-write snapshots of the chroot.  These also
300       provide a source chroot to allow easy access to the filesystem used  as
301       a  source  for  snapshotting.   These are regular chroots as well, just
302       with the snapshotting disabled.   For  a  chroot  named  “sid-snapshot”
303       (i.e. with a fully qualified name of “chroot:sid-snapshot”), there will
304       also be a  corresponding  source  chroot  named  “source:sid-snapshot”.
305       Earlier  versions  of  schroot provided source chroots with a ‘-source’
306       suffix.  These are also provided for compatibility.  In  this  example,
307       this would be called “chroot:sid-snapshot-source”.  These compatibility
308       names will be dropped in a future  version,  so  programs  and  scripts
309       should  switch  to  using the namespace-qualified names rather than the
310       old suffix.
311
312   Session chroots
313       All sessions created with --begin-session are placed within  the  ‘ses‐
314       sion:’  namespace.   A  session  named with --session-name may have any
315       name, even the same name as the chroot it was created  from,  providing
316       that  it  is  unique  within this namespace.  This was not permitted in
317       previous versions of schroot which did not have namespaces.
318
319   Actions and default namespaces
320       All actions use ‘chroot:’ as the default namespace, with  some  session
321       actions  being  the  exception.   --run-session,  --recover-session and
322       --end-session use ‘session:’ as the default  namespace  instead,  since
323       these  actions  work on session chroots.  The upshot is that the names‐
324       pace is usually never required except when you  need  to  work  with  a
325       chroot  in  a  namespace  other  than the default, such as when using a
326       source chroot.  To make chroot selection unambiguous, it is always pos‐
327       sible  to  use  the  full  name  including the namespace, even when not
328       strictly required.
329

PERFORMANCE

331       Performance on some filesystems, for example Btrfs, is bad when running
332       dpkg due to the amount of fsync operations performed.  This may be mit‐
333       igated by installing the eatmydata package and then adding eatmydata to
334       the  command-prefix  configuration key, which disables all fsync opera‐
335       tions.  Note that this should only be done in  snapshot  chroots  where
336       data  loss  is  not  an  issue.  This is useful when using a chroot for
337       package building, for example.
338

DIRECTORY FALLBACKS

340       schroot will select an appropriate directory to use within  the  chroot
341       based  upon  whether an interactive login shell will be used, or a com‐
342       mand invoked, and additionally if the --directory option is  used.   In
343       the  case  of  running  commands  directly,  or explicitly specifying a
344       directory, only one directory will be used for safety and  consistency,
345       while  for  a login shell several possibilities may be tried.  The fol‐
346       lowing subsections list the fallback sequence for each  case.   CWD  is
347       the  current  working  directory,  DIR  is the directory specified with
348       --directory.
349
350   Login shell
351       ┌────────────────────┬──────────────────────────────────────────┐
352       │Transition          │                                          │
353       │(Host → Chroot)     │ Comment                                  │
354       ├────────────────────┼──────────────────────────────────────────┤
355       │CWD → CWD           │ Normal behaviour (if --directory is  not │
356       │                    │ used)                                    │
357       │CWD → $HOME         │ If   CWD   is   nonexistent  and  --pre‐ │
358       │                    │ serve-environment is used                │
359       │CWD → passwd pw_dir │ If  CWD  is   nonexistent   (or   --pre‐ │
360       │                    │ serve-environment  is  used and no $HOME │
361       │                    │ exists)                                  │
362       │CWD → /             │ None of the above exist                  │
363FAIL                │ If / is nonexistent                      │
364       └────────────────────┴──────────────────────────────────────────┘
365   Command
366       ┌────────────────┬──────────────────────────────────────────┐
367       │Transition      │                                          │
368       │(Host → Chroot) │ Comment                                  │
369       ├────────────────┼──────────────────────────────────────────┤
370       │CWD → CWD       │ Normal behaviour (if --directory is  not │
371       │                │ used)                                    │
372FAIL            │ If CWD is nonexistent                    │
373       └────────────────┴──────────────────────────────────────────┘
374       No fallbacks should exist under any circumstances.
375
376   --directory used
377       ┌────────────────┬──────────────────────────────────────────┐
378       │Transition      │                                          │
379       │(Host → Chroot) │ Comment                                  │
380       ├────────────────┼──────────────────────────────────────────┤
381       │CWD → DIR       │ Normal behaviour                         │
382FAIL            │ If DIR is nonexistent                    │
383       └────────────────┴──────────────────────────────────────────┘
384       No fallbacks should exist under any circumstances.
385
386   Debugging
387       Note  that --debug=notice will show the internal fallback list computed
388       for the session.
389

EXAMPLES

391   List available chroots
392       % schroot -l
393       chroot:default
394       chroot:etch
395       chroot:sid
396       chroot:testing
397       chroot:unstable
398
399   Get information about a chroot
400       % schroot -i -c sid
401         ——— Chroot ———
402         Name                   sid
403         Description            Debian sid (unstable)
404         Type                   plain
405         Priority               3
406         Users                  rleigh
407         Groups                 sbuild
408         Root Users
409         Root Groups            sbuild
410         Aliases                unstable unstable-sbuild unstable-p
411       owerpc-sbuild
412         Environment Filter     ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
413       FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
414       IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
415       RMPATH)$
416         Run Setup Scripts      true
417         Script Configuration   script-defaults
418         Session Managed        true
419         Personality            linux32
420         Location               /srv/chroot/sid
421
422       Use --all or -c multiple times to use all or multiple chroots,  respec‐
423       tively.
424
425   Running commands in a chroot
426       % schroot -c sid /bin/ls
427       [sid chroot] Running command: “/bin/ls”
428       CVS          sbuild-chroot.c   sbuild-session.h  schroot.conf.5
429       Makefile     sbuild-chroot.h   schroot.1         schroot.conf.5.in
430       Makefile.am  sbuild-config.c   schroot.1.in
431       Makefile.in  sbuild-config.h   schroot.c
432       pam          sbuild-session.c  schroot.conf
433       % schroot -c sid -- ls -1 | head -n 5
434       [sid chroot] Running command: “ls -1”
435       ABOUT-NLS
436       AUTHORS
437       COPYING
438       ChangeLog
439       INSTALL
440
441       Use  --  to  allow options beginning with ‘-’ or ‘--’ in the command to
442       run in the chroot.  This prevents them being interpreted as options for
443       schroot  itself.   Note that the top line was echoed to standard error,
444       and the remaining lines to standard output.  This  is  intentional,  so
445       that  program  output  from commands run in the chroot may be piped and
446       redirected as required; the data will be the same as if the command was
447       run directly on the host system.
448
449   Switching users
450       % schroot -c sid -u root
451       Password:
452       [sid chroot] (rleigh→root) Running login shell: “/bin/bash”
453       #
454
455       If the user ‘rleigh’ was in root-users in /etc/schroot/schroot.conf, or
456       one of the groups he belonged to was  in  root-groups,  they  would  be
457       granted  root  access without authentication, but the PAM authorisation
458       step is still applied.
459
460   Sessions
461       A chroot may be needed to run more than one  command.   In  particular,
462       where  the  chroot  is  created  on the fly from an LVM LV or a file on
463       disc, there is a need to make the chroot persistent while a given  task
464       (or  set of tasks) is performed.  Sessions exist for this purpose.  For
465       simple chroot types such as ‘plain’ and ‘directory’,  sessions  may  be
466       created but are not strictly necessary.
467
468       Let's start by looking at a session-capable chroot:
469
470       % schroot -i -c sid-snap
471         ——— Chroot ———
472         Name                   sid-snap
473         Description            Debian sid snapshot
474         Type                   lvm-snapshot
475         Priority               3
476         Users                  maks rleigh
477         Groups                 sbuild
478         Root Users
479         Root Groups            root sbuild
480         Aliases
481         Environment Filter     ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
482       FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
483       IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
484       RMPATH)$
485         Run Setup Scripts      true
486         Script Configuration   script-defaults
487         Session Managed        true
488         Personality            linux
489         Device                 /dev/hda_vg/sid_chroot
490         Mount Options          -o atime,async,user_xattr
491         Source Users
492         Source Groups          root rleigh
493         Source Root Users
494         Source Root Groups     root rleigh
495         LVM Snapshot Options   --size 2G -c 128
496
497       Note  that  the  Session  Managed  option  is set to ‘true’.  This is a
498       requirement in order to use session management,  and  is  supported  by
499       most chroot types.  Next, we will create a new session:
500
501       % schroot -b -c sid-snap
502       sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
503
504       The  session  ID  of  the newly-created session is returned on standard
505       output.  It is common to store it like this:
506
507       % SESSION=$(schroot -b -c sid-snap)
508       % echo $SESSION
509       sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
510
511       The session may be used just like any normal chroot.  This is what  the
512       session looks like:
513
514       % schroot -i -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
515         ——— Session ———
516         Name                   sid-snap-46195b04-0893-49bf-beb8-0d\
517       4ccc899f0f
518         Description            Debian sid snapshot
519         Type                   lvm-snapshot
520         Priority               3
521         Users                  maks rleigh
522         Groups                 sbuild
523         Root Users
524         Root Groups            root sbuild
525         Aliases
526         Environment Filter     ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
527       FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
528       IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
529       RMPATH)$
530         Run Setup Scripts      true
531         Script Configuration   script-defaults
532         Session Managed        true
533         Personality            linux
534         Mount Location         /var/lib/schroot/mount/sid-snap-461\
535       95b04-0893-49bf-beb8-0d4ccc899f0f
536         Path                   /var/lib/schroot/mount/sid-snap-461\
537       95b04-0893-49bf-beb8-0d4ccc899f0f
538         Mount Device           /dev/hda_vg/sid-snap-46195b04-0893-\
539       49bf-beb8-0d4ccc899f0f
540         Device                 /dev/hda_vg/sid_chroot
541         Mount Options          -o atime,async,user_xattr
542         Source Users
543         Source Groups          root rleigh
544         Source Root Users
545         Source Root Groups     root rleigh
546         LVM Snapshot Device    /dev/hda_vg/sid-snap-46195b04-0893-\
547       49bf-beb8-0d4ccc899f0f
548         LVM Snapshot Options   --size 2G -c 128
549
550       Now the session has been created, commands may be run in it:
551
552       % schroot -r -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f -- \
553         uname -sr
554       I: [sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f chroot] Running \
555       command: “uname -sr”
556       Linux 2.6.18-3-powerpc
557       % schroot -r -c $SESSION -- uname -sr
558       I: [sid-snap-fe170af9-d9be-4800-b1bd-de275858b938 chroot] Running \
559       command: “uname -sr”
560       Linux 2.6.18-3-powerpc
561
562       When  all  the  commands to run in the session have been performed, the
563       session may be ended:
564
565       % schroot -e -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f↵
566       % schroot -e -c $SESSION↵
567
568       Finally, the session names can be long and unwieldy.   A  name  may  be
569       specified instead of using the automatically generated session ID:
570
571       % schroot -b -c sid-snap -n my-session-name↵
572       my-session-name
573

TROUBLESHOOTING

575       If something is not working, and it's not clear from the error messages
576       what is wrong, try using the --debug=level option to turn on  debugging
577       messages.   This gives a great deal more information.  Valid debug lev‐
578       els are ‘none’, and ‘notice’, ‘info’, ‘warning’ and ‘critical’ in order
579       of increasing severity.  The lower the severity level, the more output.
580
581       If you are still having trouble, the developers may be contacted on the
582       mailing list:
583       Debian buildd-tools Developers
584       <buildd-tools-devel@lists.alioth.debian.org>
585

BUGS

587       On the mips and mipsel architectures, Linux kernels up to and including
588       at  least  version  2.6.17  have  broken  personality(2) support, which
589       results in a failure to set the personality.  This will be seen  as  an
590       “Operation  not permitted” (EPERM) error.  To work around this problem,
591       set personality to ‘undefined’, or upgrade to a more recent kernel.
592

ENVIRONMENT

594       By default, the environment is not preserved, and the  following  envi‐
595       ronment  variables  are defined: HOME, LOGNAME, PATH, SHELL, TERM (pre‐
596       served if already defined), and USER.  The environment  variables  SCH‐
597       ROOT_COMMAND,  SCHROOT_USER, SCHROOT_GROUP, SCHROOT_UID and SCHROOT_GID
598       are set inside the chroot specifying the command being  run,  the  user
599       name,  group  name,  user ID and group ID, respectively.  Additionally,
600       the environment variables SCHROOT_SESSION_ID,  SCHROOT_CHROOT_NAME  and
601       SCHROOT_ALIAS_NAME  specify  the  session  ID, the original chroot name
602       prior to session creation, and the alias used  to  originally  identify
603       the selected chroot, respectively.
604
605       The following, potentially dangerous, environment variables are removed
606       for  safety  by  default:  BASH_ENV,  CDPATH,  ENV,  HOSTALIASES,  IFS,
607       KRB5_CONFIG,   KRBCONFDIR,  KRBTKFILE,  KRB_CONF,  LD_.*,  LOCALDOMAIN,
608       NLSPATH,  PATH_LOCALE,  RES_OPTIONS,   TERMINFO,   TERMINFO_DIRS,   and
609       TERMPATH.   If  desired,  the environment-filter configuration key will
610       allow the exclusion list to the modified; see schroot.conf(5) for  fur‐
611       ther details.
612

FILES

614   Configuration files
615       /etc/schroot/schroot.conf
616              The system-wide chroot definition file.  This file must be owned
617              by the root user, and not be writable by other.
618
619       /etc/schroot/chroot.d
620              Additional chroot definitions may be placed in files under  this
621              directory.   They  are  treated  in  exactly that same manner as
622              /etc/schroot/schroot.conf.  Each file may contain  one  or  more
623              chroot  definitions.  Note that the files in this directory fol‐
624              low the same naming rules as  run-parts(8)  when  run  with  the
625              --lsbsysinit option.
626
627       /etc/schroot/setup.d
628              The  system-wide  chroot setup script directories.  See schroot-
629              setup(5).
630
631       /etc/pam.d/schroot
632              PAM configuration.
633
634   System directories
635       /usr/libexec/schroot
636              Directory containing helper programs used by setup scripts.
637
638   Session directories
639       Each directory contains a directory or file with the name of each  ses‐
640       sion.  Not all chroot types make use of all the following directories.
641
642       /var/lib/schroot/session
643              Directory  containing  the session configuration for each active
644              session.
645
646       /var/run/schroot/mount
647              Directory used to mount the filesystems used by each active ses‐
648              sion.
649
650       /var/lib/schroot/union/underlay
651              Directory used for filesystem union source (underlay).
652
653       /var/lib/schroot/union/overlay
654              Directory used for filesystem union writeable overlay.
655
656       /var/lib/schroot/unpack
657              Directory used for unpacking file chroots.
658

AUTHORS

660       Roger Leigh.
661
663       Copyright © 2005-2012  Roger Leigh <rleigh@debian.org>
664
665       schroot  is  free  software:  you  can redistribute it and/or modify it
666       under the terms of the GNU General Public License as published  by  the
667       Free  Software Foundation, either version 3 of the License, or (at your
668       option) any later version.
669

SEE ALSO

671       dchroot(1), sbuild(1), chroot(2),  schroot.conf(5).   schroot-setup(5),
672       schroot-faq(7), run-parts(8),
673
674
675
676Version 1.6.10                    05 May 2014                       SCHROOT(1)
Impressum