Chroot jailed X application testing in Debian
---------------------------------------------

Last edited: $Date: 2017/10/18 19:59:31 $


## Setup a chroot jail to test some application

Sometimes you don't need a LXC container, and a chroot will do fine.

When  you want  to  test an  application,  that requires  additional
packages to  installed, you don't  always want to install  all those
extra  software on  your desktop  or laptop.  Once installed,  these
packages come up with every update and are eating disc space.

When the idea is  to get rid of all this stuff  after the testing is
done, a chroot jail is a good solution. Just install the base system
in the chroot directory, install  the extra needed packages and test
your application. When  you are done, you can  obliterate the chroot
directory, and everything is neat and clean again.

Debian  is  a  great  platform   for  this,  because  of  the  great
debootstrap utility.

## Create a chrooted base system with debootstrap


   su -
   mkdir /srv/chroot
   cd chroot
   debootstrap stretch stretch http://ftp.nl.debian.org/debian


Here, we install the stretch version of Debian in a directory called
stretch, and install from the mirror on ftp.nl.debian.org.

This is done as the root user, hence the "su -" at the start.

We choose to  install the chroot in the  directory /srv/chroot. This
can of course be any othter place.

In our example  we can have several chroots adjacent  to each other,
f.e.:


   /srv/chroot/stretch
   /srv/chroot/jessie


## Create a user in the chrooted base system

Enter the chroot, and add a user.


   su -
   cd /srv/chroot/stretch
   chroot .
   adduser newuser


Leave the chroot environment with exit.

## Add packages

We can add additional packages from within the chroot directory.

Enter the chroot, and add packages:


   su -
   cd /srv/chroot/stretch
   chroot .
   apt-get update
   apt-get install gman


## Setup the necessary mount points

In order  to use our new  chroot, we have to  create some additional
mount points:


   cd /srv/chroot/stretch
   mount -t proc /proc proc/
   mount --rbind /sys sys/
   mount --rbind /dev dev/
   mount --bind /tmp tmp/
   mount --rbind /var/run/dbus run/dbus/
   mount --rbind /var/lib/dbus var/lib/dbus/
   mount --rbind /run/user run/user/


After a reboot you have to recreate these mounts. If you run chroots
more often,  then it might be  a good idea  to put these lines  in a
small shellscript.

## Prepare  for X applications  to connect  to your local  running X
  session

On the host, so outside the  chroot, allow connections to be made to
your running X session:


   xhost +


You do this as the user who is logged in on your dekstop machine and
has started X.

On  the host,  so outside  the chroot,  see how  to connect  to your
running X session:


   set | grep DISPLAY


This will show your display settings, like;


   DISPLAY=:0.0


## Setup the DISPLAY variable in your chroot

Inside the chroot, set the DISPLAY variable:


   su -
   cd /srv/chroot/stretch
   chroot .
   su - newuser
   export DISPLAY=:0.0


First, we become the local user inside the chroot environment. There
we set the DISPLAY variable.

Now, start your X application



   gman


(Here we  use gman,  as this  is a  small X  appilcation so  you can
quickly test your settings.)

You can  add the line that  sets the DISPLAY variable  to your local
bashrc inside the chroot jail:


   echo "export DISPLAY=:0.0" >> ~/.bashrc


After you  are done  with your test  application, leave  the chroot.
First, type  "exit" to leave the  local user and return  to the root
user inside the chroot. After this, type "exit" to leave the chroot.

## Set /etc/debian_chroot

Debian comes  with a very fine  configuration of bash in  your local
bashrc  file. This  checks to  see if  the file  /etc/debian_chroot
exists. When  it does,  it changes  your prompt in  bash. This  is a
great feature, so you can see at once if the terminal you are typing
in, is in- or outside your chroot :)

So in the  chroot directory, create the  file /etc/debian_chroot and
put something useful in it,  like "stretch-chroot" or something like
that.  When  you  are  inside  the chroot,  your  prompt  will  look
something like this:


   (stretch-chroot)<user>@<hostname>:~$


Neat, isn't it?

## Using D-BUS with klauncher in the chroot environment

I  had a  lot of  trouble getting  KDE applications  running in  the
chroot environment, because of D-BUS connection errors.

This is what helped me starting a KDE application:


   dbus-launch --autolaunch=`cat /var/lib/dbus/machine-id`


Run this in the chroot, with the  same userid as on the real desktop
session on the host. So f.e. on  the host X is started with the user
with userid  1001, then inside  the chroot make  sure you su  to the
user with the same userid 1001 in /etc/passwd.

Because of  the bind mount  of /var/lib/dbus, the machine-id  of the
host and the one inside the chroot jail are the same.

## Clean up

After your  test is finished,  you can simply obliterate  the chroot
directory.

## Security considerations

A chroot is  not as secure as  a virutal machine. It  is possible to
escape from a chroot  environment. However, for testing applications
or building applications this is a great solution.

Opening  up X  for  connections, which  you do  with  the "xhost  +"
command,  is considered  unsafe. Make  sure you  do this  only in  a
trusted environment.

## Have fun

Keep calm and have fun with your chroots with X apps.


$Id: chrootxapp.txt,v 1.2 2017/10/18 19:59:31 matto Exp $

You are viewing proxied material from box.matto.nl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.