NAMEfakechroot - gives a fake chroot environment
SYNOPSISfakechroot [-s|--use-system-libs] [-l|--lib library] [--] [command]
DESCRIPTIONfakechroot runs a command in an environment were is additional possibility to use chroot(8) command without root privileges. This is useful for allowing users to create own chrooted environment with possibility to install another packages without need for root privileges. fakechroot replaces more library functions (chroot(2), open(2), etc.) by ones that simulate the effect the real library functions would have had, had the user really been in chroot. These wrapper functions are in a shared library /usr/lib/fakechroot/libfakechroot.so which is loaded through the LD_PRELOAD mechanism of the dynamic loader. (See ld.so(8)) In fake chroot you can install Debian bootstrap with 'debootstrap --variant=fakechroot' command. In this environment you can use i.e. apt-get(8) command to install another packages from common user's account. In the current version, the fakechroot does not provide the fakeroot(1) functionality! You might to call fakechroot with fakeroot command, if you want to emulate root environment, i.e.: $ fakeroot fakechroot /usr/sbin/chroot /tmp/debian /bin/sh # id uid=0(root) gid=0(root) groups=0(root)
OPTIONS-l library|--lib library Specify an alternative wrapper library. -s|--use-system-libs Use system libraries before chroot's libraries. This might be a workaround if system dynamic linker (/lib/ld-linux.so.2 for Linux) can not load libc.so from fake chroot. Try this setting if you noticed following errors: $ fakechroot /usr/sbin/chroot /tmp/sarge /bin/true /bin/true: relocation error: /srv/sarge/lib/tls/libc.so.6: symbol _dl _starting_up, version GLIBC_PRIVATE not defined in file ld-linux.so.2 with link time reference $ fakechroot /usr/sbin/chroot /tmp/centos4 /bin/true Segmentation fault [--] command Any command you want to be ran as fakechroot. Use '--' if in the command you have other options that may confuse fakechroot's option parsing. -h Display help. -v Display version.
EXAMPLESAn example session with fakechroot: $ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin :/bin:/usr/bin/X11 $ export FAKECHROOT_CMD_SUBST=/usr/bin/mkfifo=/bin/true:/sbin/insserv =/bin/true $ fakeroot fakechroot debootstrap --variant=fakechroot sid /tmp/sid $ fakeroot fakechroot chroot /tmp/sid /bin/bash # cd / # echo deb //ftp.debian.org/debian sid main contrib non-free > /etc/apt/sources.list # echo deb-src //ftp.debian.org/debian sid main contrib non-free >> /etc/apt/sources.list # apt-get update # apt-get install adduser whiptail build-essential devscripts # adduser --uid 1001 user # exit $ fakechroot chroot /tmp/sid /bin/bash $ cd /tmp $ apt-get source hello $ cd hello-* $ debuild --preserve-env -b $ exit
SECURITY ASPECTSfakechroot is a regular, non-setuid program. It does not enhance a user's privileges, or decrease the host's system security. fakechroot should not be used as a tool for enhancing system security i.e. by separating (sandboxing) applications. It is very easy to escape from a fake chroot environment.
FILES/usr/lib/fakechroot/libfakechroot.so The shared library containing the wrapper functions.
ENVIRONMENTFAKECHROOT The value is true for fake chroot environment. FAKECHROOT_VERSION The version of current fakechroot library. FAKECHROOT_BASE The root directory for fake chroot environment. FAKECHROOT_DEBUG The fakechroot library will dump some debugging info is this variable is set. FAKECHROOT_AF_UNIX_PATH The root directory for unix sockets. The default value is the same as "FAKECHROOT_BASE" and it can be set separately if the "FAKECHROOT_BASE" is too long and the unix socket path can exceed the limit of 108 chars. FAKECHROOT_EXCLUDE_PATH The list of directories which are excluded from being chrooted. The elements of list are separated with colon. FAKECHROOT_CMD_SUBST A list of command substitutions. If a program tries to execute one of the commands given (path relative to the chroot) then the substitute command runs instead (path to substitute command is not chrooted). For example: export FAKECHROOT_CMD_SUBST=/usr/bin/mkfifo=/bin/true will substitute "/bin/true" for "/usr/bin/mkfifo" and will make possible to install sysvinit binary package. Give as many substitute commands as you want, separated by ":" (colon) characters. LD_LIBRARY_PATH, LD_PRELOAD Fakechroot is implemented by wrapping system calls. This is accomplished by setting LD_LIBRARY_PATH=/usr/lib/fakechroot and LD_PRELOAD=libfakechroot.so. That library is loaded before the system's C library, and so most of the library functions are intercepted by it. If you need to set either LD_LIBRARY_PATH or LD_PRELOAD from within a fakechroot environment, it should be set relative to the given paths, as in LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/foo/bar/
LIMITATIONSo /lib/ld-linux.so.2 is always loaded from real environment. This path is hardcoded by linker for all binaries. o Every command executed within fakechroot needs to be linked to the same version of the C library as fakechroot itself. If the libraries in chroot are not compatible, try to use --use-system-libs option. o You can provide symlinks to the outside. The symlink have to be created before chroot is called. It can be useful for accessing the real /proc and /dev directory. You can also set the FAKECHROOT_EXCLUDE_PATH environment variable: $ export FAKECHROOT_EXCLUDE_PATH=/tmp:/proc:/dev:/var/run o Statically linked binaries doesn't work, especially ldconfig(8), so you have to wrap this command with dummy version and i.e. set the dpkg diversion, see: dpkg-divert(8). o ldd(1) also doesn't work. You have to use "alias ldd='LD_TRACE_LOADED_OBJECTS=1'" or to use a wrapper instead. The example wrapper is available at scripts/ directory in fakechroot's source package and it is located at /usr/share/doc/fakechroot/examples directory. o The full screen applications hangs up if /dev/tty file is not a real device. Link /dev/tty file or whole /dev directory to the real one or remove it from fake chroot environment. o lckpwdf() and ulckpwdf() are ignored so passwd(1) command should work o Your real uid should exist in /etc/passwd. Create it with adduser --uid realuid realuser. o debuild(1) cleans environment. Use --preserve-env option to prevent this behaviour.
COPYINGfakechroot is distributed under the GNU Lesser General Public License (LGPL 2.1 or greater). Additional copyrights: o execl function taken from GNU C Library. Copyright (C) 1991,92,94,97,98,99,2002,2005 Free Software Foundation, Inc. o execle function taken from GNU C Library. Copyright (C) 1991,97,98,99,2002,2005 Free Software Foundation, Inc. o execlp function taken from GNU C Library. Copyright (C) 1991,93,96,97,98,99,2002,2005 Free Software Foundation, Inc. o execvp function taken from GNU C Library. Copyright (C) 1991,92, 1995-99, 2002, 2004, 2005, 2007, 2009 Free Software Foundation, Inc. o fts_* functions taken from OpenBSD. Copyright (c) 1990, 1993, 1994 The Regents of the University of California. This software is distributed under the BSD-style license. o ftw function taken from GNU C Library. Copyright (C) 1996-2004, 2006-2008, 2010 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <firstname.lastname@example.org>, 1996. o __opendir2 function taken from FreeBSD. Copyright (c) 1983, 1993 The Regents of the University of California. Copyright (c) 2000 Daniel Eischen. This software is distributed under the BSD-style license. o popen function taken from uClibc. Copyright (c) 2004 Manuel Novoa III <email@example.com> Copyright (c) 2000-2006 Erik Andersen <firstname.lastname@example.org> o realpath function taken from Gnulib. Copyright (c) 1996-2010 Free Software Foundation, Inc. o rpl_lstat function taken from Gnulib. Copyright (C) 1997-2006, 2008-2010 Free Software Foundation, Inc. o stpcpy function taken from Gnulib. Copyright (C) 1992, 1995, 1997-1998, 2006, 2009-2010 Free Software Foundation, Inc. o strchrnul function taken from Gnulib. Copyright (C) 2003, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
AUTHORSCopyright (c) 2003, 2005, 2007, 2008, 2009, 2010 Piotr Roszatycki <email@example.com> Copyright (c) 2007 Mark Eichin <firstname.lastname@example.org> Copyright (c) 2006, 2007 Alexander Shishkin <email@example.com> Copyright (c) 2006, 2007 Lionel Tricon <firstname.lastname@example.org>
SEE ALSOfakeroot(1), debuild(1), debootstrap(8), febootstrap(8), //fakechroot.alioth.debian.org/ FAKECHROOT(1)