Updated: 04 May 2007
Return to Main Contents
fakechroot - gives a fake chroot environment
fakechroot runs a command in an environment were is additional possibility to
use chroot(8) command without root privileges. This is useful for allowing
users to create own chrooted environment with possibility to install another
packages without need for root privileges.
fakechroot replaces more library functions (chroot(2), open(2), etc.) by ones
that simulate the effect the real library functions would have had, had the
user really been in chroot. These wrapper functions are in a shared library
/usr/lib/fakechroot/libfakechroot.so which is loaded through the
LD_PRELOAD mechanism of the dynamic loader. (See ld.so(8))
In fake chroot you can install Debian bootstrap with `debootstrap
--variant=fakechroot' command. In this environment you can use i.e.
apt-get(8) command to install another packages from common user's account.
In the current version, the fakechroot does not provide the fakeroot(1)
functionality! You might to call fakechroot with fakeroot command, if you
want to emulate root environment, i.e.:
$ fakeroot fakechroot /usr/sbin/chroot /tmp/debian
uid=0(root) gid=0(root) groups=0(root)
- -l library|--lib library
Specify an alternative wrapper library.
Use system libraries before chroot's libraries. This might be a workaround
if system dynamic linker (/lib/ld-linux.so.2 for Linux) can not load
libc.so from fake chroot.
Try this setting if you noticed following errors:
$ fakechroot /usr/sbin/chroot /tmp/sarge /bin/true
/bin/true: relocation error: /srv/sarge/lib/tls/libc.so.6: symbol _dl
_starting_up, version GLIBC_PRIVATE not defined in file ld-linux.so.2
with link time reference
$ fakechroot /usr/sbin/chroot /tmp/centos4 /bin/true
- [--] command
Any command you want to be ran as fakechroot. Use '--' if in the command
you have other options that may confuse fakechroot's option parsing.
An example session with fakechroot:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin
$ fakeroot -s fakechroot.save fakechroot debootstrap --variant=fakech
root sarge /tmp/sarge
$ fakeroot -i fakechroot.save fakechroot chroot /tmp/sarge /bin/bash
# cd /
# sh /usr/share/doc/fakechroot/examples/savemode.sh
# echo deb http://ftp.debian.org/debian sarge main contrib non-free >
# echo deb-src http://ftp.debian.org/debian sarge main contrib non-fr
ee >> /etc/apt/sources.list
# apt-get update
# apt-get install adduser whiptail build-essential devscripts
# adduser --uid 1001 dexter
# cd /tmp
# apt-get source hello
# cd hello-*
# debuild --preserve-env -b
fakechroot is a regular, non-setuid program. It does not enhance a user's
privileges, or decrease the system's security.
The shared library containing the wrapper functions.
The value is true for fake chroot environment.
The version of current fakechroot library.
The root directory for fake chroot environment.
The list of directories which are excluded from being chrooted. The elements
of list are separated with colon.
- LD_LIBRARY_PATH, LD_PRELOAD
Fakechroot is implemented by wrapping system calls. This is accomplished by
setting LD_LIBRARY_PATH=/usr/lib/fakechroot and
LD_PRELOAD=libfakechroot.so. That library is loaded before the
system's C library, and so most of the library functions are intercepted by
it. If you need to set either LD_LIBRARY_PATH or LD_PRELOAD from within
a fakechroot environment, it should be set relative to the given paths, as in
/lib/ld-linux.so.2 is always loaded from real environment. This path is
hardcoded by linker for all binaries.
Every command executed within fakechroot needs to be linked to the same
version of the C library as fakechroot itself. If the libraries in chroot
are not compatible, try to use --use-system-libs option.
You can provide symlinks to the outside. The symlink have to be created
before chroot is called. It can be useful for accessing the real /proc
and /dev directory. You can also set the FAKECHROOT_EXCLUDE_PATH
$ export FAKECHROOT_EXCLUDE_PATH=/tmp:/proc:/dev:/var/run
Statically linked binaries doesn't work, especially ldconfig(8), so you have
to wrap this command with dummy version and i.e. set the dpkg diversion, see:
ldd(1) also doesn't work. You have to use wrapper. The example wrapper is
available at scripts/ directory in fakechroot's source package and it is
located at /usr/share/doc/fakechroot/examples directory.
The full screen applications hangs up if /dev/tty file is not a real
device. Link /dev/tty file or whole /dev directory to the real one or
remove it from fake chroot environment.
lckpwdf() and ulckpwdf() are ignored so passwd(1) command should work
Your real uid should exist in /etc/passwd. Create it with adduser --uid
debuild(1) cleans environment. Use --preserve-env option to prevent this
fakechroot is distributed under the GNU Lesser General Public License (LGPL
2.1 or greater).
2003-2007 Piotr Roszatycki <firstname.lastname@example.org>
2006-2007 Lionel Tricon <email@example.com>
2007 Mark Eichin <firstname.lastname@example.org>
fakeroot(1), dpkg-buildpackage(1), debuild(1), debootstrap(8)
- SECURITY ASPECTS
- SEE ALSO
linux.jgfs.net manual pages