Shared libraries loaded after chroot
prk at iment.com
Tue May 17 00:51:41 UTC 2016
I have avoided the problem chroot causes in a fairly general fashion by
using "mount --bind". For example:
/bin/mount --bind /lib /chroot/dns/lib
will make the entire /lib directory available to the chrooted BIND,
assuming the path /chroot/dns is created beforehand to serve as the
chroot base for running BIND.
N.B. The "--bind" option to mount has nothing to do with BIND or DNS.
(Look at the 'mount' manual for more details.)
This can be made as specific as desired by using multiple "mount --bind"
commands as needed, for example:
/bin/mount --bind /usr/bin /chroot/dns/usr/bin
/bin/mount --bind /usr/lib /chroot/dns/usr/lib
/bin/mount --bind /usr/lib64 /chroot/dns/usr/lib64
This is a lot easier than figuring out what files to copy, and all that
is needed after an update is to re-issue all the relevant "mount --bind"
I have heard that chroot does not provide unbreakable isolation, and,
of course, many extra files are made available to the chrooted process
compared to copying the minimum number of individual files. But I have
more than 500 separate "mount --bind" instances on one of my Linux
machines, setting up multiple chroot environments, and have not seen
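The bind-mount approach above, as an added example that is not from the original post: a small POSIX shell script that bind-mounts host directories under a chroot base, refuses paths that would land outside the base, and remounts each bind read-only so the chrooted daemon cannot write to the host's libraries through the mount. It assumes util-linux mount(8) and mountpoint(1) on Linux; /chroot/dns and the directory list are only example values.

```shell
#!/bin/sh
# Added example, not from the original post: bind-mount host directories into
# a chroot base read-only, with a reviewable dry-run plan.  Assumes util-linux
# mount(8)/mountpoint(1) on GNU/Linux; the chroot base path is an example.
set -eu

# Print the commands that would bind one host directory under the base.
# Rejects relative paths and dot components so nothing lands outside the base.
bind_plan() {
    base=$1 src=$2
    case "$src" in
        /*) ;;
        *) echo "refusing relative path: $src" >&2; return 1 ;;
    esac
    case "$src" in
        */../*|*/..|*/./*|*/.) echo "refusing dot component: $src" >&2; return 1 ;;
    esac
    dst="${base%/}$src"
    printf '%s\n' "mkdir -p $dst" \
                  "mount --bind $src $dst" \
                  "mount -o remount,bind,ro $dst"
}

# Perform the mount (requires root).  Idempotent: an existing mount at the
# destination is left alone, so the script can be re-run after an update.
bind_dir() {
    base=$1 src=$2
    bind_plan "$base" "$src" >/dev/null      # validate before touching anything
    dst="${base%/}$src"
    if mountpoint -q "$dst"; then
        echo "already mounted: $dst" >&2
        return 0
    fi
    mkdir -p "$dst"
    mount --bind "$src" "$dst"
    # A plain --bind inherits the source's rw flag; remount read-only so the
    # chrooted daemon cannot modify the host's libraries through the mount.
    mount -o remount,bind,ro "$dst"
}

# Usage: DRY_RUN=1 sh bindmount.sh /chroot/dns /lib /usr/lib /usr/lib64
if [ "$#" -ge 2 ]; then
    base=$1; shift
    for d in "$@"; do
        if [ "${DRY_RUN:-0}" = 1 ]; then bind_plan "$base" "$d"; else bind_dir "$base" "$d"; fi
    done
fi
```

Run with DRY_RUN=1 first to review the plan; without it the script needs root and actually mounts.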