Debian chroot in OpenSuSE

A bad GIMP job, I know
So, I mentioned setting up an OpenSuSE chroot and that quick snippet is still good, but the most common case is probably doing Debian on OpenSuSE.

Here is an old document I wrote around 2011. I’ll freshen up some parts, but for the most part I’m going to leave it alone.

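Chroot is a way of securing a system by providing a subsystem within your
machine.

The idea is that you can start a server within this subsystem and a malicious
user will only have access to this subsystem (even if they become root) and can
not break out and cause havoc on your actual server. That is the intent; in
practice chroot was not designed as a security boundary, and a process that
holds root inside a plain chroot has known ways out, so run services in the
jail as unprivileged users.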

To begin, I’ll assume you are using OpenSuSE 13.2 and we’ll be making a Debian
subsystem. Almost everything will be done as root.

To begin, install debootstrap:


zypper in debootstrap dpkg

At this point, we’ll make a directory where our subsystem will live:


mkdir -p /chroot/jail1

Now we’ll run debootstrap, which will build most of the jail:


debootstrap stable /chroot/jail1

If you do not have dpkg, then you will have to specify the architecture with
the --arch option:


debootstrap --arch=powerpc stable /chroot/jail1

Now you’ll wait for the install to finish.

With that done, you’ll first mount a couple filesystems (temporarily).


mount -o bind /proc /chroot/jail1/proc
mount -o bind /sys /chroot/jail1/sys

Next, we’ll finally enter the system:


chroot /chroot/jail1 /bin/bash

The first thing that we need to do is set the root password:


passwd

From here, you’ll be root and you can set your system up as needed (install
packages, set up servers, set up users, and so on). When you are finished,
simply type `exit` like you would at a normal prompt.

For example, if we want to run ssh in our chroot, we’ll use the following:


apt-get install openssh-server openssh-client

Next we’ll edit /etc/ssh/sshd_config and set it to listen on port 2222.

Exit out of the system, and we’ll boot the jail as a container with
systemd-nspawn so that systemd can manage services inside it:


exit
systemd-nspawn -D /chroot/jail1/ -b

Now we can start up our ssh server:


systemctl enable sshd
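
The /proc and /sys bind mounts from earlier are meant to be temporary, and while they are in place the jail sees the host's process list and sysfs. As an added example (not part of the original 2011 document), this shell sketch lists whatever is still mounted under the jail and unmounts it, deepest path first; the function names and the sample mount table are made up for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample table are constructed.

# Constructed /proc/mounts excerpt: host mounts, the two bind mounts from the
# steps above, and a look-alike jail that must not match.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /chroot/jail1/proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /chroot/jail1/sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /chroot/jail10/proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Print mount points at or below the jail, deepest path first.
# $1 = jail directory, $2 = mount table (default: /proc/mounts)
jail_mounts() {
    jail=${1%/}
    [ -n "$jail" ] || return 2        # refuse "" and "/"
    awk -v jail="$jail" '{
        mp = $2
        gsub(/\\040/, " ", mp)        # the kernel writes spaces as \040
        if (mp == jail || index(mp, jail "/") == 1) print mp
    }' "${2:-/proc/mounts}" | LC_ALL=C sort -r
}

# True when nothing is mounted under the jail (safe to archive or delete).
jail_is_clean() {
    mounts=$(jail_mounts "$1" "${2:-/proc/mounts}") || return 2
    [ -z "$mounts" ]
}

# Unmount everything under the jail; needs root. Stops at the first failure.
jail_teardown() {
    jail_mounts "$1" | ( while IFS= read -r mp; do
        umount "$mp" || exit 1
    done )
}
```

Run `jail_teardown /chroot/jail1` as root once you have left the chroot, and check `jail_is_clean /chroot/jail1` before archiving or deleting the directory.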

Sources:
--------
https://wiki.debian.org/chroot
http://blog.parahard.com/2013/03/creating-debian-chroot-inside-fedora.html
