LinuxCommandLibrary

schroot

Run commands in a chroot environment

TLDR

List available chroots

$ schroot --list

Run a command in a specific chroot
$ schroot --chroot [chroot] [command]

Run a command with options in a specific chroot
$ schroot --chroot [chroot] [command] -- [command_options]

Run a command in all available chroots
$ schroot --all [command]

Start an interactive shell within a specific chroot as a specific user
$ schroot --chroot [chroot] --user [user]

Begin a new session (a unique session ID is returned on stdout)
$ schroot --begin-session --chroot [chroot]

Connect to an existing session
$ schroot --run-session --chroot [session_id]

End an existing session
$ schroot --end-session --chroot [session_id]

SYNOPSIS

schroot [OPTIONS] -c <chroot> [COMMAND [ARGUMENTS]]
schroot [OPTIONS] -l
schroot [OPTIONS] -i -c <chroot>
schroot [OPTIONS] -r -c <session> [--] [COMMAND [ARGUMENTS]]
schroot [OPTIONS] -e -c <session>

PARAMETERS

-c, --chroot <chroot>
    Specify the name of the chroot environment to enter or operate on.

-d, --directory <path>
    Change to the specified directory inside the chroot after entering it.

-u, --user <user>
    Execute the command or shell as a different user inside the chroot.

-p, --preserve-environment
    Preserve the current environment variables from the host system inside the chroot.

-r, --run-session
    Run a command or login shell in an existing session, selected by passing its session ID to --chroot. A login shell is started if no command is specified.

-l, --list
    List all available chroots defined in the configuration file.

-i, --info
    Display detailed information about the chroot or active session selected with --chroot.

-e, --end-session
    End the active schroot session selected with --chroot, performing any configured cleanup actions.

-q, --quiet
    Suppress most informational messages and warnings.

-v, --verbose
    Show verbose output, useful for debugging.

--version
    Display version information and exit.

--help
    Display a help message and exit.

DESCRIPTION

schroot provides a secure way to execute commands or a login shell within a chrooted environment. Unlike the standard chroot command, schroot is designed to be used by unprivileged users, managing the complex setup required for a usable chroot, such as mounting filesystems (proc, sys, dev), handling user ID mapping, and optionally setting up network access.

It relies on a configuration file, typically /etc/schroot/schroot.conf, to define various chroot environments, specifying their paths, types, and setup scripts. This allows system administrators to pre-configure safe and isolated environments for developers, testers, or users to build, test, or run software without affecting the host system. It promotes isolation, reproducibility, and security by containing operations within a defined filesystem hierarchy.

CAVEATS

  • Configuration Dependency: Requires a correctly configured /etc/schroot/schroot.conf file, which defines the available chroots and their settings. Incorrect configurations can lead to security vulnerabilities or usability issues.
  • Security Model: While schroot aims to improve security over bare chroot, it's not a full-fledged containerization solution (like Docker). A compromised chroot might still find ways to affect the host system if not properly configured.
  • Root Privileges for Setup: Initial chroot setup and configuration of schroot.conf still require root privileges.

CONFIGURATION FILE (SCHROOT.CONF)

schroot relies heavily on its configuration file, typically located at /etc/schroot/schroot.conf (or in /etc/schroot/chroot.d/ for modular configurations). This file defines the various chroot environments, their paths, types (e.g., directory, plain, lvm, loopback), and scripts to run before and after entering/exiting the chroot. Understanding this file is fundamental to using schroot effectively.
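
A check for the configuration risks mentioned under CAVEATS, as an added example that is not part of the original page or of schroot itself. It reads schroot.conf text and flags three settings documented in schroot.conf(5): root-users/root-groups, preserve-environment and type=plain. The chroot names, paths and users in the sample are constructed.

```shell
#!/bin/sh
# Constructed sample in schroot.conf syntax (names and paths are made up).
sample_conf() {
cat <<'EOF'
[build-sid]
type=directory
directory=/srv/chroot/sid
users=alice,bob

[legacy]
type=plain
directory=/srv/chroot/legacy
groups=staff
root-groups=staff
preserve-environment=true
EOF
}

# audit_schroot_conf: read schroot.conf text on stdin, print one finding per line.
audit_schroot_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # skip comments and blanks
    /^\[/ { name = substr($0, 2, index($0, "]") - 2); next }   # [chroot-name]
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if ((key == "root-users" || key == "root-groups") && val != "")
            print name ": " key "=" val " grants password-less root in the chroot"
        else if (key == "preserve-environment" && val == "true")
            print name ": host environment variables are passed into the chroot"
        else if (key == "type" && val == "plain")
            print name ": type=plain runs no setup scripts and mounts nothing"
    }'
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then
    audit_schroot_conf < "$1"
else
    sample_conf | audit_schroot_conf
fi
```

Run it against /etc/schroot/schroot.conf and each file in /etc/schroot/chroot.d/; a finding is a prompt to confirm the setting is intended, not proof of a misconfiguration.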

SESSION MANAGEMENT

schroot supports session management, allowing multiple commands to be run within the same chroot environment without re-initializing it for each command. Sessions are created implicitly when you enter a chroot and can be explicitly ended with the -e option. This significantly speeds up operations that involve multiple steps inside a single chroot.
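
The begin/run/end commands from the TLDR section combined into one wrapper, as an added example that is not part of the original page. It runs several command lines in a single session and ends the session on every exit path, since a session that is never ended keeps its mounts in place. The function name with_session and the chroot name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: one schroot session for several commands, always ended afterwards.
# Assumption: the chroot name passed as $1 is defined in schroot.conf.

# with_session CHROOT 'command line' ['command line' ...]
# The body is a subshell ( ... ) so the EXIT trap is scoped to this one call.
with_session() (
    chroot_name=$1
    shift
    # --begin-session prints the new session ID on stdout.
    session=$(schroot --begin-session --chroot "$chroot_name") || exit 1
    # End the session on every exit path, including a failed command or Ctrl-C.
    trap 'schroot --end-session --chroot "$session"' EXIT
    trap 'exit 130' INT TERM
    for cmd in "$@"; do
        # The session ID goes where the chroot name normally would.
        schroot --run-session --chroot "$session" -- sh -c "$cmd" || exit $?
    done
    exit 0
)

# Usage: ./with-session.sh sid 'make' 'make check'   ("sid" is a placeholder name)
if [ "$#" -ge 2 ]; then
    with_session "$@"
fi
```

The wrapper stops at the first failing command and returns its exit status after the session has been ended.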

HISTORY

schroot was developed to address the limitations and security concerns of directly using the chroot(1) command, particularly for unprivileged users. It aimed to simplify the process of setting up and entering chroot environments by handling the necessary bind mounts, device node creation, and user/group ID mapping automatically based on pre-defined configurations. It became a popular tool in Debian and Ubuntu for reproducible build environments, especially for sbuild (source package builder), allowing developers to build packages for different distributions or architectures without installing them on the host system, thus ensuring build reproducibility and isolation.

SEE ALSO

chroot(1), debootstrap(8), mk-sbuild(1), schroot.conf(5), unshare(1)
