Using debootstrap and schroot to run a chroot jail
By the Bootstrap
We provide basic instructions for using Debian's debootstrap to create a schroot jail for building and testing packages.
Before containers, before Virtualbox, there was chroot . Chroot does precisely what its name implies: It changes the apparent root directory, isolating it in what is known as a chroot or jail. By itself, a chroot jail falls short of a complete guest operating system, but in a Debian-based system, you can come close to one, thanks to debootstrap . The result is a semi-independent installation of Debian or derivative running on the same machine as your main installation.
chroot command first appeared in Version 7 Unix in 1979, and in BSD in 1982, where it was used to test the installation and build system. How chroot operates has remained almost entirely unchanged over the years. However, because you cannot detect the system's true root or its directory tree from within a chroot jail, you are severely limited in what you can do unless you install a separate operating system in the jail – a task that can be daunting if done manually. What debootstrap does is remove the drudgery, making the installation of a CLI operating system a matter of a single command. Similarly, schroot simplifies the daily management of the jail.
Once the chroot is configured, it becomes ideal for sandboxing  – testing a program where it can do minimal harm because it is isolated from the host operating system. In fact, the first use of chroot was to test an installation and build system. Today, debootstrap – usually with the addition of schroot, the chroot manager – remains an important tool for package maintainers who build and test packages for multiple hardware platforms.
Buy this article as PDF
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.