Getting PRoot up and running
If you choose to compile PRoot, that's just a matter of:
#!/bin/sh git clone git://github.com/cedric-vincent/PRoot.git cd PRoot/src make [...] ./proot
Grabbing a RootFS
The second step to test VLC media player in different distributions is to get a root file system for every distribution we want to try.
It's also possible, under Debian and Ubuntu, to create a root file system using debootstrap, but let's take the easy way for today.
#!/bin/sh % mkdir debian-6.0-x86_64 % cd debian-6.0-x86_64 % wget http://download.openvz.org/template/precreated/debian-6.0-x86_64.tar.gz [...] % tar xf debian-6.0-x86_64.tar.gz % cd ..
As we will see later, you can safely ignore the warnings printed by tar when extracting the file system. Let us note that everything is run as a normal user.
Now you can "jump" into this new root file system using PRoot:
#!/bin/sh % cat /etc/debian_version wheezy/sid % proot ./debian-6.0-x86_64 ~ cat /etc/debian_version 6.0.4
For now on, the root file system is the one you just downloaded. For instance:
#!/bin/sh ~ gcc --version gcc (Debian 4.4.5-8) 4.4.5 ~ logout % gcc --version gcc (Debian 4.6.3-1) 4.6.3
You just tested the first feature provided by PRoot:
- Changing the root file system of a process
As you may have noticed, I used '%' for the host file system shell prompt (a Debian Sid) and '~' for the PRooted one (a Debian Squeeze).
Setting up the new RootFS
We now have a basic and working root file systems but some configuration has to be done before any real usages:
- Adding the right users and groups to /etc/passwd and /etc/group
- Configuring DNS resolution
- Binding some special directories
- Updating the system
Normally, all this tasks can only be done by root as they will modifies files owned by root. As we extracted the archive as a normal user, the current user can modify any files in the root file system though making root privileges pointless.
Adding some user and groups
In order to keep the same user inside the PRooted file system, you just have to copy the right lines from /etc/passwd to the corresponding file in the PRooted file system. You can do the same thing for groups in /etc/group.
Configuring DNS resolution
Just copy /etc/resolv.conf from the host root file system to the PRooted one. This way the same mechanism will be used in the host system and in the PRooted one.
Another solution is to ask PRoot to do the job for you: binding /etc/resolv.conf to the same file in the PRooted file system. Adding -b /etc/resolv.conf to the PRoot command line will do the trick.
#!/bin/sh % proot ./debian-6.0-x86_66 ~ cat /etc/resolv.conf cat: /etc/resolv.conf: No such file or directory ~ logout % proot -b /etc/resolv.conf ./debian-6.0-x86_64 ~ cat /etc/resolv.conf [...]same file as /etc/resolv.conf on the host[...]
You just tested the second feature provided by PRoot:
- Binding some files to another location in the file system.
In this case you bound /etc/resolv.conf to the same location inside the PRooted environment. It's also possible to bind it somewhere else with: -b /etc/resolv.conf:/Somewere_else_in_the_PRooted_FS.
Binding some special directories
For the moment, the /dev and /proc directories are empty. However some programs need it in order to work correctly. For example ssh-keygen will refuse to work without /dev/random.
We should bind the real /dev and /proc in the new root file system. Adding -b /dev -b /proc to the PRoot command line will solve this issue.
Updating the system
We already noticed that the current user can modify any file on the PRooted file system because it was extracted by this user.
However most tools like dpkg required the current user id to be root in order to work. For this reason, PRoot can be launched with the -0 (zero) option which fake some syscalls and makes the programs think the current user is root.
#!/bin/sh % proot -b /etc/resolv.conf -0 ./debian-6.0-x86_64 ~ id -a uid=0(root) gid=0(root) groupes=0(root) ~ cat /etc/apt/source.list deb http://ftp.debian.org/debian squeeze main contrib non-free deb http://security.debian.org squeeze/updates main contrib non-free ~ apt-get update Hit http://ftp.debian.org squeeze Release.gpg Ign http://ftp.debian.org/debian/ squeeze/contrib Translation-en [...] Reading package lists... Done ~ apt-get upgrade [...]
You can manage this root file system like a classical one. Pay attention that some services that really required root privileges to work (like apache or some daemons) could not run correctly under PRoot as we only fake root privileges.
This article is beginning to be really long so I will finish here for today.
We saw a simple way to get a working Debian root file systems that we can manage without real root privileges. This work will be useful for the next article which will cover the compilation and testing of VLC media player in this new root file system.