Re: How best to maintain a chroot environment?

[Thibaut Paumard <paumard@users.sourceforge.net>]

Le dimanche 13 août 2006 à 12:53 -0400, S Scharf a écrit :
> The point of the chroot jail is to have as little in it as possible to
> increase security.
> debootstrap brings in a lot of system overhead stuff that is not
> needed for running 
> apache (i.e. login, sysvinit) and may have security implications.
> 
> What I want is a minimum way to be able to run apt to maintain the
> packages I do need
> in the choot jail.

The purpose of debootstrap is indeed originally to bootstrap a bootable
system, not to set up minimal chroots.

Have you looked at the --root option of dpkg? Reading through some
manpages (apt-get, apt.conf, dpkg), I would try something like this from
the host:
  apt-get -o Dpkg::Options=--root=/path/to/jail/ <action>

This should work at least if your host and chroot run the same branch.

You can certainly use debootstrap to set up your chroot, and then dpkg
(force) remove what you don't want in it.

Regards, Thibaut.