LINUX-USER-CHROOT(8)        System Manager's Manual       LINUX-USER-CHROOT(8)

NAME

       linux-user-chroot - safely allow normal users to chroot

SYNOPSIS

       linux-user-chroot   [--unshare-ipc]   [--unshare-pid]   [--unshare-net]
       [--seccomp-profile-version] [--mount-proc DIR]  [--mount-readonly  DIR]
       [--mount-bind SOURCE DEST] [--chdir DIR] ROOTDIR PROGRAM ARGS...

DESCRIPTION

       linux-user-chroot is a setuid program that allows non-root users to
       safely use some Linux kernel container features.  It is primarily
       intended for use by build systems.  The user needs to create a
       directory tree with the build dependencies needed, and only those, and
       then linux-user-chroot runs the actual build commands such that the
       commands only see the directory tree.  This is useful for ensuring the
       build gets the right version of its build dependencies, for example.

       linux-user-chroot works similarly to chroot(8), but does not require
       the caller to have root privileges.  It uses Linux containers to
       restrict the chroot to make this safe.  The command run inside the
       chroot is run as the calling user, not as root.

       linux-user-chroot executes a command, and sets the root directory for
       the command to the directory specified by the user (ROOTDIR).
       Additionally, it creates a "nosuid" bind mount over the root
       filesystem, to prevent the build from gaining privileges using setuid
       binaries.  The command can further be restricted from accessing the
       network, and it can be set up with new process ID and SysV IPC
       namespaces.

OPTIONS

       --unshare-ipc
              Create a new SysV IPC namespace for the command.

       --unshare-pid
              Create a new process ID (PID) namespace for the command.  This
              prevents the command from seeing any other processes in the
              system, except itself and the processes it itself creates.

       --unshare-net
              Create a new, empty networking stack.  This prevents the command
              from using any networking, including loopback.

       --mount-proc DIR
              Mount the proc filesystem at DIR.

       --mount-devapi DIR
              Mount just the API devices (null, full, urandom etc) at DIR.

       --mount-readonly DIR
              Make DIR be read-only for the command.

       --mount-bind SOURCE DEST
              Add a bind mount while the command is executing.

       --chdir DIR
              After setting the new root directory for the command, change the
              current working directory to be DIR.

       --seccomp-profile-version VERSION
              Seccomp is a tool to restrict the system calls applications can
              make.  As linux-user-chroot is designed for build systems, we do
              not need to expose the entire kernel system call interface.
              Currently a number of

              This argument is an integer, where -1 means "no seccomp", and
              "0" enables the first profile version.  This is an opt-in system
              to any future versions.

EXIT STATUS

       The exit status is the exit status of the executed command, or 1 if
       linux-user-chroot failed to execute the command.

EXAMPLE

       To build software in the real system, but without networking:

              linux-user-chroot --unshare-net --chdir "$(pwd)" / \
                  make clean all check
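
Added example (not part of linux-user-chroot or its manual): a POSIX shell check that a build command could run inside the chroot to confirm, from /proc/self/mountinfo, the "nosuid" root mount described under DESCRIPTION and the read-only state of directories given to --mount-readonly. It assumes proc is visible inside the chroot (for instance via --mount-proc); the function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of linux-user-chroot. Function names are hypothetical.

# mount_has_flag MOUNTPOINT FLAG [MOUNTINFO_FILE]
# Exit 0 if the topmost mount at MOUNTPOINT carries FLAG, 1 if it does not,
# 2 if nothing is mounted there. In mountinfo, field 5 is the mount point and
# field 6 the per-mount options; later lines shadow earlier ones.
mount_has_flag() {
    awk -v mp="$1" -v flag="$2" '
        $5 == mp { opts = $6; seen = 1 }
        END {
            if (!seen) exit 2
            n = split(opts, o, ",")
            # Compare whole tokens so "ro" never matches "relatime".
            for (i = 1; i <= n; i++) if (o[i] == flag) exit 0
            exit 1
        }' "${3:-/proc/self/mountinfo}"
}

# check_sandbox MOUNTINFO_FILE [READONLY_DIR...]
# Returns 0 only if "/" is nosuid and every listed directory is mounted ro.
check_sandbox() {
    info=$1; shift; rc=0
    mount_has_flag / nosuid "$info" ||
        { echo "FAIL: / is not mounted nosuid" >&2; rc=1; }
    for d in "$@"; do
        mount_has_flag "$d" ro "$info" ||
            { echo "FAIL: $d is not read-only" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample of what mountinfo could look like inside the chroot:
# the original root, the nosuid bind mount over it, a read-only /usr,
# a writable /src and a proc mount. Paths and device names are made up.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw
95 21 8:2 /home/u/root / rw,nosuid,relatime - ext4 /dev/sda2 rw
96 95 8:2 /home/u/root/usr /usr ro,nosuid,relatime - ext4 /dev/sda2 rw
97 95 8:2 /home/u/src /src rw,nosuid,relatime - ext4 /dev/sda2 rw
98 95 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}
```

Inside a build, `check_sandbox /proc/self/mountinfo /usr` (with /usr standing in for whatever was passed to --mount-readonly) fails the step early if the expected restrictions are missing.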

SEE ALSO

       chroot(8).