Chroot
This tutorial and the script are intended only for advanced users who actually know what chroot does!
Alternatively, you can test this script, which will download the latest nightly and help you set it up to run chrooted.
This article describes how to run ZNC in a chroot environment on Debian.
Compile and install ZNC normally
Details: Installation
Add a new user under which you will run ZNC
Example: bouncer
adduser bouncer
Log in as your new user "bouncer" and configure ZNC normally for this user
su bouncer
znc --makeconf
or
ssh bouncer@localhost
znc --makeconf
Details: Configuration
Change back to user "root" and create a directory for the chroot environment
exit
or
logout
Example: /var/chroot/
mkdir /var/chroot
Create the following subdirectories
/var/chroot/+
- etc/
- dev/
- usr/lib/
- usr/local/share
- usr/local/bin
- usr/local/lib
- lib/
- home/
- home/bouncer
cd /var/chroot/ && mkdir etc/ && mkdir dev/ && mkdir -p usr/lib/ && mkdir -p usr/local/share/ && mkdir -p usr/local/bin/ && mkdir -p usr/local/lib/ && mkdir lib/ && mkdir -p home/bouncer/
Change into the recently created "home" directory and give ownership to the account you created
cd /var/chroot/home/
chown bouncer:bouncer bouncer
Change into the recently created "dev" directory and run the following commands
cd /var/chroot/dev/
mknod -m 644 random c 1 8 && mknod -m 644 urandom c 1 9 && mknod -m 666 null c 1 3
Get the names of the needed libs
ldd znc
Example:
linux-gate.so.1 => ()
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 ()
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 ()
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 ()
libstdc++.so.6 => /usr/lib/libstdc++.so.6 ()
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 ()
libgcc_s.so.1 => /lib/libgcc_s.so.1 ()
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 ()
/lib/ld-linux.so.2 ()
libz.so.1 => /usr/lib/libz.so.1 ()
Copy all the needed files
cp /lib/mylibname /var/chroot/lib/
cp /usr/lib/mylibname /var/chroot/usr/lib/
Be sure that you don't miss any file!
Note: There's not supposed to be a linux-gate.so.1 file present anywhere on the file system; it's a virtual DSO, a shared object exposed by the kernel at a fixed address in every process' memory. This means that this file does not need to be copied.
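The library-copy step above can be checked mechanically instead of by eye. The following is an added example, not part of the original article or the ZNC project: it parses ldd output, skips entries that have no file behind them (such as linux-gate.so.1), and either lists what is still missing from the chroot or copies it to the same path. The function names and the sample variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article); all names here are hypothetical.

# ldd_paths: read `ldd` output on stdin, print each library file path once.
ldd_paths() {
    awk '
        # "libfoo.so.1 => /path/libfoo.so.1 (addr)": the path is the third field
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        # "/lib/ld-linux.so.2 (addr)": the loader is listed by path only
        $1 ~ /^\//               { print $1 }
        # anything else (virtual DSO, "not found") has no file to copy
    ' | LC_ALL=C sort -u
}

# missing_in_chroot ROOT: read `ldd` output on stdin and print the libraries
# that do not yet exist at the same path below ROOT.
missing_in_chroot() {
    ldd_paths | while IFS= read -r lib; do
        [ -e "$1$lib" ] || printf '%s\n' "$lib"
    done
}

# copy_into_chroot ROOT: read `ldd` output on stdin and copy each library to
# the same path below ROOT (-L copies the real file behind a symlink).
copy_into_chroot() {
    ldd_paths | while IFS= read -r lib; do
        mkdir -p "$1$(dirname "$lib")" && cp -L "$lib" "$1$lib" || return 1
    done
}

# Constructed sample: four lines of the ldd output shown in the article.
SAMPLE_LDD='	linux-gate.so.1 => ()
	libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 ()
	/lib/ld-linux.so.2 ()
	libz.so.1 => /usr/lib/libz.so.1 ()'
```

Typical use is `ldd /usr/local/bin/znc | copy_into_chroot /var/chroot` followed by `ldd /usr/local/bin/znc | missing_in_chroot /var/chroot`, which should print nothing. The same pipeline works for modules or other binaries that pull in further libraries.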
Possibly copy more needed files
You might find that you may have to copy some other libs, like the libs for perl. If znc throws back errors, then copy the libs that you locate in the error messages to the directories that match up in the chroot and try again. I did find a problem with perl in the chrooted environment. The first time that I installed ZNC (I am not the creator) I just tried to copy the perl libs thinking that I was done. Wrong.
This command will show you where most of your supporting files for perl are located (You still need to copy the main perl libs):
perl -V
Built under linux
Compiled at Jun 26 2009 18:23:00
@INC:
/etc/perl
/usr/local/lib/perl/5.10.0
/usr/local/share/perl/5.10.0
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.10
/usr/share/perl/5.10
/usr/local/lib/site_perl
.
(Read On Please)
This is what I used to copy my perl installation:
# main perl shared libraries
cp /usr/lib/libperl.so.5.10 /var/chroot/usr/lib/
cp /usr/lib/libperl.so.5.10.0 /var/chroot/usr/lib/
# target directories (-p also creates missing parents such as usr/share)
mkdir -p /var/chroot/usr/lib/perl/ /var/chroot/usr/share/perl/
mkdir -p /var/chroot/usr/local/lib/perl/ /var/chroot/usr/local/share/perl/
# the @INC directories reported by perl -V
cp -r /etc/perl /var/chroot/etc/
cp -r /usr/local/lib/perl/5.10.0 /var/chroot/usr/local/lib/perl/
cp -r /usr/local/share/perl/5.10.0 /var/chroot/usr/local/share/perl/
cp -r /usr/lib/perl5 /var/chroot/usr/lib/
cp -r /usr/share/perl5 /var/chroot/usr/share/
cp -r /usr/lib/perl/5.10 /var/chroot/usr/lib/perl/
cp -r /usr/share/perl/5.10 /var/chroot/usr/share/perl/
cp -r /usr/local/lib/site_perl /var/chroot/usr/local/lib/
cp -r /usr/lib/perl /var/chroot/usr/lib/
cp -r /usr/share/perl /var/chroot/usr/share/
# libcrypt, including the hardware-specific variants
cp /lib/libcrypt.so.1 /var/chroot/lib/
mkdir -p /var/chroot/lib/tls/i686/cmov/ /var/chroot/lib/tls/i686/nosegneg/
cp /lib/tls/i686/cmov/libcrypt.so.1 /var/chroot/lib/tls/i686/cmov/
cp /lib/tls/i686/nosegneg/libcrypt.so.1 /var/chroot/lib/tls/i686/nosegneg/
The above script was created while I was tinkering trying to figure out what files to copy and what not. Some of the directories may be redundant but it worked for me.
I acquired these directories from here: http://www.trilithium.com/johan/2005/08/linux-gate/ and the perl -V command. I know that the /usr/share/perl/ & /usr/share/perl5/ & /usr/lib/perl/ & /usr/lib/perl5/ are the most important along with the main .so files. I am assuming that it will depend on your version once perl is upgraded or if you have an old one.
Peace... WebDawg@IRC@Efnet or WebDawg @ GooglesMailDomain.suffix ...
You need to copy the following files to get DNS working
/etc/hosts
/etc/resolv.conf
/lib/libnss_dns.so.2 (May also be somewhere else, ask locate)
/lib/libresolv.so.2 (May also be somewhere else, ask locate)
Copy ZNC files
cp /usr/local/bin/znc* /var/chroot/usr/local/bin/
cp -r /usr/local/share/znc /var/chroot/usr/local/share/
cp -r /usr/local/lib/znc /var/chroot/usr/local/lib/
Change to user "bouncer" and copy the recently created config files of ZNC
su bouncer
cp -r /home/bouncer/.znc /var/chroot/home/bouncer/
Change back to user "root" and start ZNC
exit
Now you can start ZNC with:
start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --start --exec /usr/local/bin/znc
And stop ZNC with:
start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --stop --exec /usr/local/bin/znc