1SCHROOT(1) Debian sbuild SCHROOT(1)
2
3
4
6 schroot - securely enter a chroot environment
7
9 schroot [-h|--help | -V|--version | -l|--list | -i|--info | --config
10 | --location | --automatic-session | -b|--begin-session |
11 --recover-session | -r|--run-session | -e|--end-session] [-f|--force]
12 [-n session-name|--session-name=session-name] [-d directory|--direc‐
13 tory=directory] [-u user|--user=user] [-p|--preserve-environment] [-s
14 shell|--shell=shell] [-q|--quiet | -v|--verbose] [-c
15 chroot|--chroot=chroot | [--all | --all-chroots | --all-source-chroots
16 | --all-sessions] [--exclude-aliases]] [-o|--option=key=value] [--]
17 [COMMAND [ ARG1 [ ARG2 [ ARGn]]]]
18
20 schroot allows the user to run a command or a login shell in a chroot
21 environment. If no command is specified, a login shell will be started
22 in the user's current working directory inside the chroot.
23
24 The command is a program, plus as many optional arguments as required.
25 Each argument may be separately quoted.
26
27 The directory the command or login shell is run in depends upon the
28 context. See --directory option below for a complete description.
29
30 All chroot usage will be logged in the system logs. Under some circum‐
31 stances, the user may be required to authenticate themselves; see the
32 section “Authentication”, below.
33
34 If no chroot is specified, the chroot name or alias ‘default’ will be
35 used as a fallback. This is equivalent to “--chroot=default”.
36
38 There is often a need to run programs in a virtualised environment
39 rather than on the host system directly. Unlike other virtualisation
40 systems such as kvm or Xen, schroot does not virtualise the entire sys‐
41 tem; it only virtualises the filesystem, and some parts of the filesys‐
42 tem may still be shared with the host. It is therefore fast, light‐
43 weight and flexible. However, it does not virtualise other aspects of
44 the system, such as shared memory, networking, devices etc., and so may
45 be less secure than other systems, depending upon its intended use.
46 Some examples of existing uses for schroot include:
47
48 · Running an untrusted program in a sandbox, so that it can't
49 interfere with files on the host system; this may also be used
50 to limit the damage a compromised service can inflict upon the
51 host
52
53 · Using a defined or clean environment, to guarantee the repro‐
54 ducibility and integrity of a given task
55
56 · Using different versions of an operating system, or even differ‐
57 ent operating systems altogether, e.g. different GNU/Linux dis‐
58 tributions
59
60 · Running 32-bit programs using a 32-bit chroot on a 64-bit host
61 system
62
63 · Automatic building of Debian packages using sbuild(1), which
64 builds each package in a pristine chroot snapshot when using LVM
65 snapshots or unions
66
67 · Supporting multiple system images in a cluster setup, where mod‐
68 ifying the base image is time-consuming and/or supporting all
69 the required configurations needed by users is difficult: dif‐
70 ferent chroots can support all the different configurations
71 required, and cluster users may be given access to the chroots
72 they need (which can include root access for trusted users to
73 maintain their own images)
74
75 A chroot may be used directly as root by running chroot(8), but normal
76 users are not able to use this command. schroot allows access to
77 chroots for normal users using the same mechanism, but with several
78 additional features. While schroot uses a directory as a chroot just
79 like chroot(8), it does not require this to be a regular directory in
80 the filesystem. While this is the default, the chroot can also be cre‐
81 ated from a file, a filesystem, including LVM and Btrfs snapshots and
82 loopback mounts, or composed of a unionfs overlay. Being user-extensi‐
83 ble, the scope for creating chroots from different sources is limited
84 only by your imagination. schroot performs permissions checking and
85 allows additional automated setup of the chroot environment, such as
86 mounting additional filesystems and other configuration tasks. This
87 automated setup is done through the action of setup scripts which may
88 be customised and extended to perform any actions required. Typical
89 actions include mounting the user's home directory, setting up network‐
90 ing and system databases, and even starting up services. These are
91 again entirely customisable by the admin. The setup scripts are run
92 for all types of chroot, with the exception of the ‘plain’ type, the
93 simplest chroot type, offering no automated setup features at all. The
94 configuration of schroot is covered in more detail in schroot.conf(5).
95
97 schroot accepts the following options:
98
99 Actions
100 -h, --help
101 Show help summary.
102
103 -V, --version
104 Print version information.
105
106 -l, --list
107 List all available chroots.
108
109 -i, --info
110 Print detailed information about the specified chroots.
111
112 --config
113 Print configuration of the specified chroots. This is useful
114 for testing that the configuration in use is the same as the
115 configuration file. Any comments in the original file will be
116 missing.
117
118 --location
119 Print location (path) of the specified chroots. Note that
120 chroot types which can only be used within a session will not
121 have a location until they are active.
122
123 General options
124 -q, --quiet
125 Print only essential messages.
126
127 -v, --verbose
128 Print all messages.
129
130 Chroot selection
131 -c, --chroot=chroot
132 Specify a chroot or active session to use. This option may be
133 used multiple times to specify more than one chroot, in which
134 case its effect is similar to --all. The chroot name may be
135 prefixed with a namespace; see the section “Chroot Namespaces”,
136 below.
137
138 -a, --all
139 Select all chroots, source chroots and active sessions. When a
140 command has been specified, the command will be run in all
141 chroots, source chroots and active sessions. If --info has been
142 used, display information about all chroots. This option does
143 not make sense to use with a login shell (run when no command
144 has been specified). This option is equivalent to
145 “--all-chroots --all-source-chroots --all-sessions”.
146
147 --all-chroots
148 Select all chroots. Identical to --all, except that source
149 chroots and active sessions are not considered.
150
151 --all-sessions
152 Select all active sessions. Identical to --all, except that
153 chroots and source chroots are not considered.
154
155 --all-source-chroots
156 Select all source chroots. Identical to --all, except that
157 chroots and sessions are not considered.
158
159 --exclude-aliases
160 Do not select aliases in addition to chroots. This ensures that
161 only real chroots are selected, and are only listed once.
162
163 Chroot environment
164 -d, --directory=directory
165 Change to directory inside the chroot before running the command
166 or login shell. If directory is not available, schroot will
167 exit with an error status.
168
169 The default behaviour is as follows (all directory paths are
170 inside the chroot). A login shell is run in the current working
171 directory. If this is not available, it will try $HOME (when
172 --preserve-environment is used), then the user's home directory,
173 and / inside the chroot in turn. A command is always run in the
174 current working directory inside the chroot. If none of the
175 directories are available, schroot will exit with an error sta‐
176 tus.
177
178 -u, --user=user
179 Run as a different user. The default is to run as the current
180 user. If required, the user may be required to authenticate
181 themselves with a password. For further information, see the
182 section “Authentication”, below.
183
184 -p, --preserve-environment
185 Preserve the user's environment inside the chroot environment.
186 The default is to use a clean environment; this option copies
187 the entire user environment and sets it in the session. The
188 environment variables allowed are subject to certain restric‐
189 tions; see the section “Environment”, below.
190
191 -s, --shell=shell
192 Use shell as the login shell. When running a login shell a num‐
193 ber of potential shells will be considered, in this order: the
194 command in the SHELL environment variable (if --preserve-envi‐
195 ronment is used, or preserve-environment is enabled), the user's
196 shell in the ‘passwd’ database, /bin/bash and finally /bin/sh.
197 This option overrides this list, and will use the shell speci‐
198 fied. This option also overrides the shell configuration key,
199 if set.
200
201 -o, --option=key=value
202 Set an option. The value of selected configuration keys in sch‐
203 root.conf may be modified using this option. The key must be
204 present in the user-modifiable-keys configuration key in sch‐
205 root.conf, or additionally the user-modifiable-keys key if run‐
206 ning as (or switching to) the root user. The key and value set
207 here will be set in the environment of the setup scripts, and
208 may hence be used to customise the chroot on a per-session
209 basis.
210
211 Session actions
212 --automatic-session
213 Begin, run and end a session automatically. This is the default
214 action, so does not require specifying in normal operation.
215
216 -b, --begin-session
217 Begin a session. A unique session identifier (session ID) is
218 returned on standard output. The session ID is required to use
219 the other session options. Note that the session identifier may
220 be specified with the --session-name option.
221
222 --recover-session
223 Recover an existing session. If an existing session has become
224 unavailable, for example becoming unmounted due to a reboot,
225 this option will make the session available for use again, for
226 example by remounting it. The session ID is specified with the
227 --chroot option.
228
229 -r, --run-session
230 Run an existing session. The session ID is specified with the
231 --chroot option.
232
233 -e, --end-session
234 End an existing session. The session ID is specified with the
235 --chroot option.
236
237 Session options
238 -n, --session-name=session-name
239 Name a session. The specified session-name replaces the default
240 session name containing an automatically-generated session ID.
241 The session name must not contain a namespace qualifier, since
242 sessions are always created within the ‘session:’ namespace.
243 The session name is also subject to the chroot naming restric‐
244 tions documented in schroot.conf(5).
245
246 -f, --force
247 Force a session operation, even if it would otherwise fail.
248 This may be used to forcibly end a session, even if it has
249 active users. This does not guarantee that the session will be
250 ended cleanly; filesystems may not be unmounted, for example.
251
252 Separator
253 -- End of options. Used to indicate the end of the schroot
254 options; any following options will be passed to the command
255 being run, rather than to schroot.
256
258 If the user is not an allowed user, or a member of the allowed groups
259 (or if changing to root, the allowed root users or allowed root groups)
260 for the specified chroot(s), permission will be immediately denied. If
261 switching users, and the user running the command has access, the user
262 will be required to authenticate themselves using the credentials of
263 the user being switched to.
264
265 On systems supporting Pluggable Authentication Modules (PAM), schroot
266 will use PAM for authentication and authorisation of users. If and
267 when required, schroot will prompt for a password. If PAM is not
268 available, all authentication will automatically fail (user switching
269 is not supported without PAM).
270
271 Note that when PAM is in use, the root user is not granted any special
272 privileges by default in the program. However, the default PAM config‐
273 uration permits root to log in without a password (pam_rootok.so), but
274 this may be disabled to prevent root from accessing any chroots except
275 if specifically permitted. In such a situation, root must be added to
276 the allowed users or groups as for any other user or group. If PAM is
277 not available, the root user will be permitted to access all chroots,
278 even when not explicitly granted access.
279
281 Namespace basics
282 There are three different types of chroot: regular chroots, source
283 chroots and session chroots. These different types of chroot are sepa‐
284 rated into different namespaces. A namespace is a prefix to a chroot
285 name. Currently there are three namespaces: ‘chroot:’, ‘source:’ and
286 ‘session:’. Use --list --all to list all available chroots in all
287 namespaces. Because ‘:’ is used as the separator between namespace and
288 chroot names, it is not permitted to use this character in chroot
289 names.
290
291 Depending upon the action you request schroot to take, it may look for
292 the chroot in one of the three namespaces, or a particular namespace
293 may be specified. For example, a chroot named “sid” is actually named
294 “chroot:sid” if the namespace is included, but the namespace may be
295 omitted for most actions.
296
297 Source chroots
298 Some chroot types, for example LVM snapshots and Btrfs snapshots, pro‐
299 vide session-managed copy-on-write snapshots of the chroot. These also
300 provide a source chroot to allow easy access to the filesystem used as
301 a source for snapshotting. These are regular chroots as well, just
302 with the snapshotting disabled. For a chroot named “sid-snapshot”
303 (i.e. with a fully qualified name of “chroot:sid-snapshot”), there will
304 also be a corresponding source chroot named “source:sid-snapshot”.
305 Earlier versions of schroot provided source chroots with a ‘-source’
306 suffix. These are also provided for compatibility. In this example,
307 this would be called “chroot:sid-snapshot-source”. These compatibility
308 names will be dropped in a future version, so programs and scripts
309 should switch to using the namespace-qualified names rather than the
310 old suffix.
311
312 Session chroots
313 All sessions created with --begin-session are placed within the ‘ses‐
314 sion:’ namespace. A session named with --session-name may have any
315 name, even the same name as the chroot it was created from, providing
316 that it is unique within this namespace. This was not permitted in
317 previous versions of schroot which did not have namespaces.
318
319 Actions and default namespaces
320 All actions use ‘chroot:’ as the default namespace, with some session
321 actions being the exception. --run-session, --recover-session and
322 --end-session use ‘session:’ as the default namespace instead, since
323 these actions work on session chroots. The upshot is that the names‐
324 pace is usually never required except when you need to work with a
325 chroot in a namespace other than the default, such as when using a
326 source chroot. To make chroot selection unambiguous, it is always pos‐
327 sible to use the full name including the namespace, even when not
328 strictly required.
329
331 Performance on some filesystems, for example Btrfs, is bad when running
332 dpkg due to the amount of fsync operations performed. This may be mit‐
333 igated by installing the eatmydata package and then adding eatmydata to
334 the command-prefix configuration key, which disables all fsync opera‐
335 tions. Note that this should only be done in snapshot chroots where
336 data loss is not an issue. This is useful when using a chroot for
337 package building, for example.
338
340 schroot will select an appropriate directory to use within the chroot
341 based upon whether an interactive login shell will be used, or a com‐
342 mand invoked, and additionally if the --directory option is used. In
343 the case of running commands directly, or explicitly specifying a
344 directory, only one directory will be used for safety and consistency,
345 while for a login shell several possibilities may be tried. The fol‐
346 lowing subsections list the fallback sequence for each case. CWD is
347 the current working directory, DIR is the directory specified with
348 --directory.
349
350 Login shell
351 ┌────────────────────┬──────────────────────────────────────────┐
352 │Transition │ │
353 │(Host → Chroot) │ Comment │
354 ├────────────────────┼──────────────────────────────────────────┤
355 │CWD → CWD │ Normal behaviour (if --directory is not │
356 │ │ used) │
357 │CWD → $HOME │ If CWD is nonexistent and --pre‐ │
358 │ │ serve-environment is used │
359 │CWD → passwd pw_dir │ If CWD is nonexistent (or --pre‐ │
360 │ │ serve-environment is used and no $HOME │
361 │ │ exists) │
362 │CWD → / │ None of the above exist │
363 │FAIL │ If / is nonexistent │
364 └────────────────────┴──────────────────────────────────────────┘
365 Command
366 ┌────────────────┬──────────────────────────────────────────┐
367 │Transition │ │
368 │(Host → Chroot) │ Comment │
369 ├────────────────┼──────────────────────────────────────────┤
370 │CWD → CWD │ Normal behaviour (if --directory is not │
371 │ │ used) │
372 │FAIL │ If CWD is nonexistent │
373 └────────────────┴──────────────────────────────────────────┘
374 No fallbacks should exist under any circumstances.
375
376 --directory used
377 ┌────────────────┬──────────────────────────────────────────┐
378 │Transition │ │
379 │(Host → Chroot) │ Comment │
380 ├────────────────┼──────────────────────────────────────────┤
381 │CWD → DIR │ Normal behaviour │
382 │FAIL │ If DIR is nonexistent │
383 └────────────────┴──────────────────────────────────────────┘
384 No fallbacks should exist under any circumstances.
385
386 Debugging
387 Note that --debug=notice will show the internal fallback list computed
388 for the session.
389
391 List available chroots
392 % schroot -l↵
393 chroot:default
394 chroot:etch
395 chroot:sid
396 chroot:testing
397 chroot:unstable
398
399 Get information about a chroot
400 % schroot -i -c sid↵
401 ——— Chroot ———
402 Name sid
403 Description Debian sid (unstable)
404 Type plain
405 Priority 3
406 Users rleigh
407 Groups sbuild
408 Root Users
409 Root Groups sbuild
410 Aliases unstable unstable-sbuild unstable-p
411 owerpc-sbuild
412 Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
413 FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
414 IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
415 RMPATH)$
416 Run Setup Scripts true
417 Script Configuration script-defaults
418 Session Managed true
419 Personality linux32
420 Location /srv/chroot/sid
421
422 Use --all or -c multiple times to use all or multiple chroots, respec‐
423 tively.
424
425 Running commands in a chroot
426 % schroot -c sid /bin/ls↵
427 [sid chroot] Running command: “/bin/ls”
428 CVS sbuild-chroot.c sbuild-session.h schroot.conf.5
429 Makefile sbuild-chroot.h schroot.1 schroot.conf.5.in
430 Makefile.am sbuild-config.c schroot.1.in
431 Makefile.in sbuild-config.h schroot.c
432 pam sbuild-session.c schroot.conf
433 % schroot -c sid -- ls -1 | head -n 5↵
434 [sid chroot] Running command: “ls -1”
435 ABOUT-NLS
436 AUTHORS
437 COPYING
438 ChangeLog
439 INSTALL
440
441 Use -- to allow options beginning with ‘-’ or ‘--’ in the command to
442 run in the chroot. This prevents them being interpreted as options for
443 schroot itself. Note that the top line was echoed to standard error,
444 and the remaining lines to standard output. This is intentional, so
445 that program output from commands run in the chroot may be piped and
446 redirected as required; the data will be the same as if the command was
447 run directly on the host system.
448
449 Switching users
450 % schroot -c sid -u root↵
451 Password:
452 [sid chroot] (rleigh→root) Running login shell: “/bin/bash”
453 #
454
455 If the user ‘rleigh’ was in root-users in /etc/schroot/schroot.conf, or
456 one of the groups he belonged to was in root-groups, they would be
457 granted root access without authentication, but the PAM authorisation
458 step is still applied.
459
460 Sessions
461 A chroot may be needed to run more than one command. In particular,
462 where the chroot is created on the fly from an LVM LV or a file on
463 disc, there is a need to make the chroot persistent while a given task
464 (or set of tasks) is performed. Sessions exist for this purpose. For
465 simple chroot types such as ‘plain’ and ‘directory’, sessions may be
466 created but are not strictly necessary.
467
468 Let's start by looking at a session-capable chroot:
469
470 % schroot -i -c sid-snap↵
471 ——— Chroot ———
472 Name sid-snap
473 Description Debian sid snapshot
474 Type lvm-snapshot
475 Priority 3
476 Users maks rleigh
477 Groups sbuild
478 Root Users
479 Root Groups root sbuild
480 Aliases
481 Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
482 FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
483 IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
484 RMPATH)$
485 Run Setup Scripts true
486 Script Configuration script-defaults
487 Session Managed true
488 Personality linux
489 Device /dev/hda_vg/sid_chroot
490 Mount Options -o atime,async,user_xattr
491 Source Users
492 Source Groups root rleigh
493 Source Root Users
494 Source Root Groups root rleigh
495 LVM Snapshot Options --size 2G -c 128
496
497 Note that the Session Managed option is set to ‘true’. This is a
498 requirement in order to use session management, and is supported by
499 most chroot types. Next, we will create a new session:
500
501 % schroot -b -c sid-snap↵
502 sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
503
504 The session ID of the newly-created session is returned on standard
505 output. It is common to store it like this:
506
507 % SESSION=$(schroot -b -c sid-snap)↵
508 % echo $SESSION↵
509 sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f
510
511 The session may be used just like any normal chroot. This is what the
512 session looks like:
513
514 % schroot -i -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f↵
515 ——— Session ———
516 Name sid-snap-46195b04-0893-49bf-beb8-0d\
517 4ccc899f0f
518 Description Debian sid snapshot
519 Type lvm-snapshot
520 Priority 3
521 Users maks rleigh
522 Groups sbuild
523 Root Users
524 Root Groups root sbuild
525 Aliases
526 Environment Filter ^(BASH_ENV|CDPATH|ENV|HOSTALIASES|I\
527 FS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMA\
528 IN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TE\
529 RMPATH)$
530 Run Setup Scripts true
531 Script Configuration script-defaults
532 Session Managed true
533 Personality linux
534 Mount Location /var/lib/schroot/mount/sid-snap-461\
535 95b04-0893-49bf-beb8-0d4ccc899f0f
536 Path /var/lib/schroot/mount/sid-snap-461\
537 95b04-0893-49bf-beb8-0d4ccc899f0f
538 Mount Device /dev/hda_vg/sid-snap-46195b04-0893-\
539 49bf-beb8-0d4ccc899f0f
540 Device /dev/hda_vg/sid_chroot
541 Mount Options -o atime,async,user_xattr
542 Source Users
543 Source Groups root rleigh
544 Source Root Users
545 Source Root Groups root rleigh
546 LVM Snapshot Device /dev/hda_vg/sid-snap-46195b04-0893-\
547 49bf-beb8-0d4ccc899f0f
548 LVM Snapshot Options --size 2G -c 128
549
550 Now the session has been created, commands may be run in it:
551
552 % schroot -r -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f -- \
553 uname -sr↵
554 I: [sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f chroot] Running \
555 command: “uname -sr”
556 Linux 2.6.18-3-powerpc
557 % schroot -r -c $SESSION -- uname -sr↵
558 I: [sid-snap-fe170af9-d9be-4800-b1bd-de275858b938 chroot] Running \
559 command: “uname -sr”
560 Linux 2.6.18-3-powerpc
561
562 When all the commands to run in the session have been performed, the
563 session may be ended:
564
565 % schroot -e -c sid-snap-46195b04-0893-49bf-beb8-0d4ccc899f0f↵
566 % schroot -e -c $SESSION↵
567
568 Finally, the session names can be long and unwieldy. A name may be
569 specified instead of using the automatically generated session ID:
570
571 % schroot -b -c sid-snap -n my-session-name↵
572 my-session-name
573
575 If something is not working, and it's not clear from the error messages
576 what is wrong, try using the --debug=level option to turn on debugging
577 messages. This gives a great deal more information. Valid debug lev‐
578 els are ‘none’, and ‘notice’, ‘info’, ‘warning’ and ‘critical’ in order
579 of increasing severity. The lower the severity level, the more output.
580
581 If you are still having trouble, the developers may be contacted on the
582 mailing list:
583 Debian buildd-tools Developers
584 <buildd-tools-devel@lists.alioth.debian.org>
585
587 On the mips and mipsel architectures, Linux kernels up to and including
588 at least version 2.6.17 have broken personality(2) support, which
589 results in a failure to set the personality. This will be seen as an
590 “Operation not permitted” (EPERM) error. To work around this problem,
591 set personality to ‘undefined’, or upgrade to a more recent kernel.
592
594 By default, the environment is not preserved, and the following envi‐
595 ronment variables are defined: HOME, LOGNAME, PATH, SHELL, TERM (pre‐
596 served if already defined), and USER. The environment variables SCH‐
597 ROOT_COMMAND, SCHROOT_USER, SCHROOT_GROUP, SCHROOT_UID and SCHROOT_GID
598 are set inside the chroot specifying the command being run, the user
599 name, group name, user ID and group ID, respectively. Additionally,
600 the environment variables SCHROOT_SESSION_ID, SCHROOT_CHROOT_NAME and
601 SCHROOT_ALIAS_NAME specify the session ID, the original chroot name
602 prior to session creation, and the alias used to originally identify
603 the selected chroot, respectively.
604
605 The following, potentially dangerous, environment variables are removed
606 for safety by default: BASH_ENV, CDPATH, ENV, HOSTALIASES, IFS,
607 KRB5_CONFIG, KRBCONFDIR, KRBTKFILE, KRB_CONF, LD_.*, LOCALDOMAIN,
608 NLSPATH, PATH_LOCALE, RES_OPTIONS, TERMINFO, TERMINFO_DIRS, and
609 TERMPATH. If desired, the environment-filter configuration key will
610 allow the exclusion list to the modified; see schroot.conf(5) for fur‐
611 ther details.
612
614 Configuration files
615 /etc/schroot/schroot.conf
616 The system-wide chroot definition file. This file must be owned
617 by the root user, and not be writable by other.
618
619 /etc/schroot/chroot.d
620 Additional chroot definitions may be placed in files under this
621 directory. They are treated in exactly that same manner as
622 /etc/schroot/schroot.conf. Each file may contain one or more
623 chroot definitions. Note that the files in this directory fol‐
624 low the same naming rules as run-parts(8) when run with the
625 --lsbsysinit option.
626
627 /etc/schroot/setup.d
628 The system-wide chroot setup script directories. See schroot-
629 setup(5).
630
631 /etc/pam.d/schroot
632 PAM configuration.
633
634 System directories
635 /usr/libexec/schroot
636 Directory containing helper programs used by setup scripts.
637
638 Session directories
639 Each directory contains a directory or file with the name of each ses‐
640 sion. Not all chroot types make use of all the following directories.
641
642 /var/lib/schroot/session
643 Directory containing the session configuration for each active
644 session.
645
646 /var/run/schroot/mount
647 Directory used to mount the filesystems used by each active ses‐
648 sion.
649
650 /var/lib/schroot/union/underlay
651 Directory used for filesystem union source (underlay).
652
653 /var/lib/schroot/union/overlay
654 Directory used for filesystem union writeable overlay.
655
656 /var/lib/schroot/unpack
657 Directory used for unpacking file chroots.
658
660 Roger Leigh.
661
663 Copyright © 2005-2012 Roger Leigh <rleigh@debian.org>
664
665 schroot is free software: you can redistribute it and/or modify it
666 under the terms of the GNU General Public License as published by the
667 Free Software Foundation, either version 3 of the License, or (at your
668 option) any later version.
669
671 dchroot(1), sbuild(1), chroot(2), schroot.conf(5). schroot-setup(5),
672 schroot-faq(7), run-parts(8),
673
674
675
676Version 1.6.10 05 May 2014 SCHROOT(1)