The solution must probably be based either on ptrace or namespaces (unshare).
ptrace-based solutions are probably less efficient then namespaces/unshare-based (but the latter technology is cutting-edge and is not well explored path, probably).
ptrace-based
UMView
As for ptrced-based solutions, thanks to the comments at https://stackoverflow.com/a/1019720/94687, I've discovered UMView:
The linked docs describe how to have a "copy-on-write view" of the host fs -- that's not exactly like performing a chroot. Exact intructions on how to achieve /-substitution in umview would be nice to have in an answer to my question (please write one if you figure out how to do this!).
umview must be open-source, because it is included in Ubuntu and Debian -- http://packages.ubuntu.com/lucid/umview.
"Confining programs"
Another implementation is described in http://www.cs.vu.nl/~rutger/publications/jailer.pdf, http://www.cs.vu.nl/~guido/mansion/publications/ps/secrypt07.pdf.
They have a change-root-ing policy rule, CHRDIR, whose effect is similar to chroot. (Section "The jailing policy")
However, they might have not published their source code (partially based on a modified strace http://www.liacs.nl/~wichert/strace/ -- Section "Implementation")...
geordi
Geordi (http://www.eelis.net/geordi/, https://github.com/Eelis/geordi) could probably be modified to make the wanted rewriting of file arguments to system calls in the jailed programs.
proot
PRoot is a ready to use ptrace-based tool for this. http://proot.me/:
chroot equivalent
To execute a command inside a given Linux distribution, just give
proot the path to the guest rootfs followed by the desired command.
The example below executes the program cat to print the content of a
file:
proot -r /mnt/slackware-8.0/ cat /etc/motd
Welcome to Slackware Linux 8.0
The default command is /bin/sh when none is specified. Thus the
shortest way to confine an interactive shell and all its sub-programs
is:
proot -r /mnt/slackware-8.0/
$ cat /etc/motd
Welcome to Slackware Linux 8.0
unshare-based
user_namespaces support in the Linux kernel has got more mature since when the question was asked. Now you can play with performing a chroot
as a normal with the help of unshare
like in Simulate chroot with unshare:
unshare --user --map-root-user --mount-proc --pid --fork
chroot ......
su - user1
Install an NTP service on the virtual machine:
sudo apt-get install ntp
That way the virtual machine (assuming it has internet access) will set its time from a remote NTP server.
If this is already installed, check that the service is running:
sudo service ntp status
If it is not, start it:
sudo service ntp start
Finally, you can force it to get the time from the server with
sudo ntpdate 1.debian.pool.ntp.org
Best Answer
You'll have to place the ISO in the
/var/lib/vz/template/iso
folder for it to be recognized by Proxmox.To break it down:
/var/lib/vz/dump
/var/lib/vz/template/iso
/var/lib/vz/images
/var/lib/vz/template/cache
Cheers!