NAME

xbps-uchroot — XBPS utility to chroot and bind mount with Linux namespaces

SYNOPSIS

xbps-uchroot [OPTIONS] CHROOTDIR COMMAND [ARGS]

DESCRIPTION

The xbps-uchroot utility allows users to chroot and bind mount required pseudo-filesystems (/dev, /proc and /sys) in the target CHROOTDIR to execute COMMAND. The xbps-uchroot utility uses by default Linux namespaces to isolate IPC, PIDs and mounts to the calling process. If running in a OpenVZ container, these namespace features are simply disabled.

OPTIONS

-b src:dest: Bind mounts src into CHROOTDIR/dest. This option may be specified multiple times. Please note that both src and dest must be absolute paths and must exist.
-O: Setups a temporary directory and then creates an overlay layer (via overlayfs) with the lowerdir set to CHROOTDIR. Useful to create a temporary tree that does not preserve changes in CHROOTDIR.
-o opts: Arguments passed to the tmpfs mount, if the -O and -t options are specified. This expects the same arguments that are accepted as options in tmpfs, as explained in mount(1).
-t: This makes the temporary directory to be mounted in tmpfs, so that everything is stored in RAM. Note that this is only useful if used with the -O option (overlayfs).
--: Stop interpreting following arguments as options. This option is useful if some of ARGS are options passed to COMMAND.

SECURITY

The xbps-uchroot executable must be setgid to function properly and shall only be executable by a specific group to avoid security issues (4750).

NOTES

The xbps-uchroot utility uses Linux specific features (namespaces) and it's not meant to be portable to other Operating Systems. The following kernel options must be enabled:

CONFIG_NAMESPACES
CONFIG_IPC_NS
CONFIG_PID_NS
CONFIG_UTS_NS
CONFIG_OVERLAY_FS

AUTHORS

Juan Romero Pardines <xtraeme@gmail.com>

BUGS

Probably, but I try to make this not happen. Use it under your own responsibility and enjoy your life.

Report bugs at https://github.com/void-linux/xbps/issues