So, I mentioned setting up an OpenSuSE chroot and that quick snippet is still good, but the most common case is probably running Debian on OpenSuSE.
Here is an old document I wrote around 2011. I’ll freshen up some parts, but for the most part I’m going to leave it alone.
Chroot is a way of securing a system by providing a subsystem within your
The idea is that you can start a server within this subsystem and a malicious
user will only have access to this subsystem (even if they become root) and
cannot break out and cause havoc on your actual server.
To begin, I’ll assume you are using OpenSuSE 13.2 and we’ll be making a Debian
subsystem. Almost everything will be done as root.
To begin, install debootstrap:
zypper in debootstrap dpkg
At this point, we’ll make a directory where our subsystem will live:
mkdir -p /chroot/jail1
Now we’ll run debootstrap, which will build most of the jail:
debootstrap stable /chroot/jail1
If you do not have dpkg, then you will have to specify the architecture with --arch:
debootstrap --arch=powerpc stable /chroot/jail1
Now you’ll wait for the install to finish.
With that done, you’ll first mount a couple filesystems (temporarily).
mount -o bind /proc /chroot/jail1/proc
mount -o bind /sys /chroot/jail1/sys
Next, we’ll finally enter the system:
chroot /chroot/jail1 /bin/bash
The first thing that we need to do is set the root password:
From here, you’ll be root and you can set your system up as needed (install
packages, set up servers, set up users, and so on). When you are finished,
simply type `exit` like you would at a normal prompt.
For example, if we want to run ssh in our chroot, we’ll use the following:
apt-get install openssh-server openssh-client
Next, we’ll edit /etc/ssh/sshd_config and set it to listen on port 2222.
Exit out of the system, and we’ll tell systemd it is okay to handle requests:
systemd-nspawn -D /chroot/jail1/ -b
Now we can start up our ssh server:
systemctl enable sshd
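The walkthrough bind-mounts /proc and /sys into the jail "temporarily" but shows no step that removes them. This added shell example (not part of the original post) lists what is still mounted under a jail root and prints the umount commands deepest-first, which is worth checking before deleting or archiving the jail directory. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print every mount point at or below jail root $1, deepest first.
# Reads a mount table in /proc/mounts format on stdin.
jail_mounts() {
    jail=${1%/}    # normalise "/chroot/jail1/" to "/chroot/jail1"
    awk -v jail="$jail" '
        # Match the root itself or a path strictly below it, so that
        # /chroot/jail10 is not mistaken for part of /chroot/jail1.
        $2 == jail || index($2, jail "/") == 1 { print $2 }
    ' | LC_ALL=C sort -r    # reverse order puts children before parents
}

# Succeed only when nothing is mounted inside the jail any more.
jail_is_clean() {
    [ -z "$(jail_mounts "$1")" ]
}

# Print the umount commands needed, nested mounts first, so a parent
# mount is never unmounted while something is still mounted below it.
umount_plan() {
    jail_mounts "$1" | while IFS= read -r mp; do
        printf 'umount %s\n' "$mp"
    done
}

# Constructed sample table: the host's own /proc and /sys, the two bind
# mounts from this page, and a similarly named second jail.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /chroot/jail1/proc proc rw,nosuid,nodev,noexec 0 0
sysfs /chroot/jail1/sys sysfs rw,nosuid,nodev,noexec 0 0
proc /chroot/jail10/proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

sample_mounts | umount_plan /chroot/jail1/
# On a live host: umount_plan /chroot/jail1 < /proc/mounts
```

The plan is only printed, never executed, so it can be reviewed before being run as root.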