I am trying to write a bootstrapper for a minimal, from-source linux distribution.
I would like to build in a chroot-like environment. This should simplify packaging. I do not care about security at this point. The bootstrapper should not require any non-standard third-party commands. It would be great if there is no need to be root, either.
This is why fakechroot(1) fakeroot(1) chroot(1) is not exactly what I am looking for.
Is it possible to fake / using unshare(1) and /bin/sh?
Best Answer
Yes. If your kernel supports user_namespaces (and they are enabled), you can first "simulate the root" user, which then gets the right to invoke
chroot
(as a real root user). (Which previously needed to be restricted only to the root user because of a possibility for privilege escalation by a normal user (say, through set-UID-root binaries and custom libraries in the chroot directory).)You can try this in your shell: