Using proc in chroot environments

Using proc in chroot environments

[DervishD]

    Hi all :)

    I'm using a chroot environment on my main disk as a 'crash test
dummy', and I need to access the proc filesystem inside it. Since
hard links are not allowed for directories, the only solution I can
think of is to mount proc inside the chroot environment just after
chrooting. This works, I've tested, but I have two problems:

    - Any change in the chroot proc happens too in the main one (like
using /proc/sys/kernel variables). Not a big deal, since I want the
chroot environment to mimic the main filesystem where the original
proc is mounted, but is annoying.

    - I must mount copies of devpts, usbfs, etc... under the 'second'
proc, too, and this is even more annoying.

    The perfect solution for me is to hardlink the proc directory of
the chrooted environment to the proc directory on the true root dir,
but since this is not possible, whan can I do instead of remounting a
second copy of proc (which, by the way, makes /proc/mounts a little
bit weird...)?

    Thanks a lot in advance :))

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.pleyades.net & http://raul.pleyades.net/

Re: Using proc in chroot environments

[DervishD]

    Hi Ville :)

 * Ville Herva <vherva@niksula.hut.fi> dixit:
> >     - I must mount copies of devpts, usbfs, etc... under the 'second'
> > proc, too, and this is even more annoying.
> Mount them under /.../chroot/proc ? Hm.

    That's what I'm doing right now (well I mount them under the /dev
directory of the chroot environment ;)
  
> >     The perfect solution for me is to hardlink the proc directory of
> > the chrooted environment to the proc directory on the true root dir,
> > but since this is not possible, whan can I do instead of remounting a
> > second copy of proc (which, by the way, makes /proc/mounts a little
> > bit weird...)?
> mount --bind is closest to hardlink you can get and it works. But I don't
> know if that is that much different from mounting proc second time.

    For other filesystems I don't know, for proc is more or less the
same, except maybe that --bind maybe doesn't show proc mounted twice
:???

    Thanks :))

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.pleyades.net & http://raul.pleyades.net/

Re: Using proc in chroot environments

[Mark Mielke]

On Sun, Nov 02, 2003 at 09:49:34PM +0100, DervishD wrote:
>     I'm using a chroot environment on my main disk as a 'crash test
> dummy', and I need to access the proc filesystem inside it. Since
> hard links are not allowed for directories, the only solution I can
> think of is to mount proc inside the chroot environment just after
> chrooting. This works, I've tested, but I have two problems:
> ...
>     The perfect solution for me is to hardlink the proc directory of
> the chrooted environment to the proc directory on the true root dir,
> but since this is not possible, whan can I do instead of remounting a
> second copy of proc (which, by the way, makes /proc/mounts a little
> bit weird...)?

It sounds to me, as if you want something like UML... :-)

chroot environments are traditionally quite minimal, meaning that they
usually don't require /dev/pts, /proc, etc.

One approach that I have seen taken, is for privileged information to be
queried through a non-chroot'ed process by the chroot'ed process.

mark

-- 
mark@mielke.cc/markm@ncf.ca/markm@nortelnetworks.com __________________________
.  .  _  ._  . .   .__    .  . ._. .__ .   . . .__  | Neighbourhood Coder
|\/| |_| |_| |/    |_     |\/|  |  |_  |   |/  |_   | 
|  | | | | \ | \   |__ .  |  | .|. |__ |__ | \ |__  | Ottawa, Ontario, Canada

  One ring to rule them all, one ring to find them, one ring to bring them all
                       and in the darkness bind them...

                           http://mark.mielke.cc/

Re: Using proc in chroot environments

[DervishD]

    Hi Mark :)

 * Mark Mielke <mark@mark.mielke.cc> dixit:
> >     I'm using a chroot environment on my main disk as a 'crash test
> > dummy', and I need to access the proc filesystem inside it. Since
> It sounds to me, as if you want something like UML... :-)

    More or less. It's just the chroot is easier for me, but I would
like to test UML someday O:))
 
> chroot environments are traditionally quite minimal, meaning that they
> usually don't require /dev/pts, /proc, etc.

    I know, but I think that UML is unnecessarily complex for me. I
can go with just a chrooted env.
 
    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.pleyades.net & http://raul.pleyades.net/

Re: Using proc in chroot environments

[David Gómez]

Hi ;),

>     I'm using a chroot environment on my main disk as a 'crash test
> dummy', and I need to access the proc filesystem inside it. Since
> hard links are not allowed for directories, the only solution I can
> think of is to mount proc inside the chroot environment just after
> chrooting. This works, I've tested, but I have two problems:

Have you tried the --bind mount option? It's great to solve this kind
of problem, accesing to a directory within a chrooted enviroment. I've
used it successly with a ftp server ;).

-- 
David Gómez

"The question of whether computers can think is just like the question of
 whether submarines can swim." -- Edsger W. Dijkstra

Re: Using proc in chroot environments

[DervishD]

    Hi David :)

 * David <david@pleyades.net> dixit:
> >     I'm using a chroot environment on my main disk as a 'crash test
> > dummy', and I need to access the proc filesystem inside it. Since
> > hard links are not allowed for directories, the only solution I can
> > think of is to mount proc inside the chroot environment just after
> > chrooting. This works, I've tested, but I have two problems:
> Have you tried the --bind mount option? It's great to solve this kind
> of problem, accesing to a directory within a chrooted enviroment. I've
> used it successly with a ftp server ;).

    I haven't tried, but I'm afraid it won't solve my problem. First,
if I do a 'binded' mount of /proc, any change in the chrooted proc
will reflect in the original one, so I'm in trouble anyway. Second,
if I do 'mount' or 'cat /proc/mounts' the proc filesystem will be
shown twice anyway (correct me here if I'm wrong).

    By now I'm going to keep using two independent mounts until I
find a better approach... Thanks for your answer :)

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.pleyades.net & http://raul.pleyades.net/