If you attempt to use debootstrap with grsec (more specifically, with a kernel compiled with CONFIG_GRKERNSEC_CHROOT_MOUNT=y), you may see it bail out because of this error:
W: Failure trying to run: chroot path/to/root mount -t proc proc /proc
One way to work around this is to bind-mount procfs (and sysfs) from the host into the new chroot, instead of mounting them from inside it. Just apply the following patch before running debootstrap:
--- /usr/share/debootstrap/functions.orig 2013-01-27 02:05:55.000000000 -0800
+++ /usr/share/debootstrap/functions 2013-01-27 02:06:39.000000000 -0800
@@ -975,12 +975,12 @@
umount_on_exit /proc/bus/usb
umount_on_exit /proc
umount "$TARGET/proc" 2>/dev/null || true
- in_target mount -t proc proc /proc
+ sudo mount -o bind /proc "$TARGET/proc"
if [ -d "$TARGET/sys" ] && \
grep -q '[[:space:]]sysfs' /proc/filesystems 2>/dev/null; then
umount_on_exit /sys
umount "$TARGET/sys" 2>/dev/null || true
- in_target mount -t sysfs sysfs /sys
+ sudo mount -o bind /sys "$TARGET/sys"
fi
on_exit clear_mtab
;;
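Review bot: the two added lines call `sudo mount -o bind ...`, but the unchanged `umount "$TARGET/proc"` and `umount "$TARGET/sys"` lines directly above them run without sudo, so this code path already has the privileges it needs. Drop `sudo` so the patched script does not depend on sudo being installed and cannot stop at a password prompt mid-run. It is also worth a comment in the file that these mounts are now made from outside the chroot (which is why the CONFIG_GRKERNSEC_CHROOT_MOUNT restriction no longer trips), and worth confirming that the existing `umount_on_exit /proc` and `umount_on_exit /sys` registrations still remove the bind mounts at `$TARGET/proc` and `$TARGET/sys` when debootstrap exits early.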
As a side note, a minbase chroot of Precise (12.04 LTS) takes only 142MB of disk space.
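A check for the cleanup side of this workaround, as an added example (not part of the original post or of debootstrap): once the patched run finishes, the host's /proc and /sys should no longer be mounted below the target. The function names, the /srv/precise paths and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find mounts left at or below a chroot target.
# Input is /proc/mounts-format text: source mountpoint fstype options dump pass

# mounts_under TARGET [MOUNTS_FILE]
# Prints matching mount points, children before parents (safe umount order).
mounts_under() {
    target=${1%/}                  # accept /srv/precise and /srv/precise/
    file=${2:-/proc/mounts}
    TARGET_DIR="$target" awk '
        BEGIN { t = ENVIRON["TARGET_DIR"] }
        {
            mp = $2
            # The kernel writes a space as \040 and a tab as \011.
            gsub(/\\040/, " ", mp)
            gsub(/\\011/, "\t", mp)
            # Match the target or a path below it, not a sibling such as
            # /srv/precise-old when the target is /srv/precise.
            if (mp == t || index(mp, t "/") == 1) print mp
        }' "$file" | LC_ALL=C sort -r
}

# chroot_is_clean TARGET [MOUNTS_FILE]: succeeds when nothing is mounted there.
chroot_is_clean() {
    [ -z "$(mounts_under "$@")" ]
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /srv/precise/proc proc rw,nosuid,nodev,noexec 0 0
sysfs /srv/precise/sys sysfs rw,nosuid,nodev,noexec 0 0
proc /srv/precise-old/proc proc rw,nosuid,nodev,noexec 0 0
proc /srv/my\040root/proc proc rw,nosuid,nodev,noexec 0 0
EOF
}
```

Run `mounts_under "$TARGET"` after debootstrap exits; any output means the host's procfs or sysfs is still reachable inside the chroot and should be unmounted in the order printed.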
Thx!! :D