
jchroot

public
99 stars
16 forks
2 issues

Commits

List of commits on branch master.
Unverified
645c309a4a5a866d7a42abdf51c348598d60fafb

jchroot: create pivot root directory at the root of the target

vincentbernat committed 3 years ago
Unverified
02e061e800980fa43ad4753cd4e5fc6a39eb6671

debian: new release

vincentbernat committed 4 years ago
Unverified
b742c05003ce75bb460b762991488e068d4adcf8

jchroot: add an option to keep processes running in background

vincentbernat committed 4 years ago
Unverified
6912f8fc81532a0233f5cfe66d192bc19f308ced

mount: make root private earlier

vincentbernat committed 4 years ago
Unverified
c2d6badb909e86ead5e15d290388628d70c39b78

github: switch away from Travis

vincentbernat committed 4 years ago
Unverified
83f304a42e2d971dd6f66767f7dfe7dcf82e8b46

doc: make --help return 0 as exit code

vincentbernat committed 5 years ago

README

The README file for this repository.

jchroot: a chroot with more isolation

Recent Linux kernels are now able to provide a new PID namespace to a newly created process. The process becomes PID 1 in its own namespace and all processes created in this namespace will be killed when the first process terminates. This makes it possible to reliably kill any process started by the first process, even when it double forks. It also ensures better isolation.

The same applies to mount points and IPC. If you combine those three namespaces with a standard chroot, you get a chroot on steroids. You can launch any (non-malicious) process in this chroot: it won't interfere with your main system and every process will be killed when you exit the shell. Any filesystem that was mounted will also be unmounted automatically.

This is what jchroot does:

  1. set up user/group mappings
  2. provide a new PID/IPC/mount/UTS namespace
  3. mount anything you want
  4. set hostname if needed
  5. chroot to your target
  6. drop privileges if needed
  7. execute your command

After your command has been executed, any process started by the execution of this command will be killed, any IPC will be freed, any mount point will be unmounted. All clean!

See also schroot and lxc. schroot is not yet able to do this, but this is planned. See bug #637870. lxc should be able to do this but seems targeted at more complex situations... If you use systemd, look at nspawn or systemd-nspawn, which does almost the same thing as jchroot. You could also use unshare (with chroot) from the util-linux package.

Security note

It should be noted that a privileged process inside jchroot may be able to escape unless its privileges are reduced. For example, it could fiddle with /dev/kmem or mount any filesystem after creating the appropriate node.

If you need more complex isolation, you are better off with lxc, which bundles many security mechanisms.

You may want to use user namespaces to increase the security of the chroot:

./jchroot -U -u 0 -g 0 -M "0 $(id -u) 1" -G "0 $(id -g) 1" /path/to/chroot cmd
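What the `-M "0 $(id -u) 1"` and `-G "0 $(id -g) 1"` maps mean, as an added C example that is not taken from the jchroot source: root inside the namespace stands for the invoking unprivileged user on the host, and every other ID is unmapped. The helper names (`parse_idmap`, `host_id`, `become_mapped_root`) and the sample map `0 1000 1` are assumptions made for illustration, and the process writes its own maps here, which is not necessarily how jchroot does it.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* same value as in <sched.h> */
#endif
int unshare(int flags); /* glibc; <sched.h> declares it under _GNU_SOURCE */
struct idmap { unsigned inside, outside, count; }; /* added example, not jchroot code */

/* Parse "inside outside count": the -M/-G argument and a /proc/PID/uid_map line. */
int parse_idmap(const char *spec, struct idmap *m) {
    char extra;
    int n = sscanf(spec, "%u %u %u %c", &m->inside, &m->outside, &m->count, &extra);
    return (n == 3 && m->count > 0) ? 0 : -1;
}

/* Host ID behind an in-namespace ID, or -1 when the ID is unmapped. */
long host_id(const struct idmap *m, unsigned id) {
    return (id < m->inside || id - m->inside >= m->count) ? -1 : (long)m->outside + (id - m->inside);
}

static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Enter a new user namespace in which the caller appears as UID/GID 0. */
int become_mapped_root(void) {
    char umap[32], gmap[32];
    snprintf(umap, sizeof umap, "0 %u 1", (unsigned)getuid()); /* read IDs before unshare() */
    snprintf(gmap, sizeof gmap, "0 %u 1", (unsigned)getgid());
    if (unshare(CLONE_NEWUSER) < 0) return -1;
    if (write_file("/proc/self/uid_map", umap) < 0) return -1;
    write_file("/proc/self/setgroups", "deny"); /* needed before gid_map when unprivileged */
    return write_file("/proc/self/gid_map", gmap);
}

int main(void) {
    struct idmap m; /* "0 1000 1" is a constructed sample map */
    if (parse_idmap("0 1000 1", &m) == 0)
        printf("inside 0 -> host %ld, inside 1 -> host %ld\n", host_id(&m, 0), host_id(&m, 1));
    if (become_mapped_root() < 0) { perror("user namespace"); return 1; }
    printf("uid=%u gid=%u inside the namespace\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run as an ordinary user on a kernel that permits unprivileged user namespaces, the last line reports uid 0 and gid 0 while the process keeps only its original user's rights on the host.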

Installation & use

Just use make to get jchroot. Then jchroot --help to get help.

Related projects

ChrootX is a wrapper around chroot/jchroot.