#chroot
it turns out systemd was already doing exactly that in order to apply the various rules I had put in my service files. So what systemd was having to do was mount my chroot inside its own chroot. Things worked, but it seemed redundant and unnecessary.
November 16, 2025 at 11:44 AM
private tmp folders, hiding other users' processes, etc. systemd will create its own chroot at /proc/PID/root and then mount things inside there according to the options you specify in your service file.

I just decided not to set up my own manual chroot jail for various processes because

2/
November 16, 2025 at 11:44 AM
To summarize some things I've learned lately. chroot jails are useful, but if your goal is to cordon off systemd services without a full VM or LXC container (necessitating separate system updates), systemd has lots, and I mean "lots" of options to containerize services;

1/

#Linux #Security
November 16, 2025 at 11:44 AM
So Docker is basically a chroot, a walled garden so to speak, sharing the same Linux kernel. That's what makes it lighter than actual virtualization.

Outside Linux, what happens under the hood is that it runs a Linux VM to act as an intermediary
November 15, 2025 at 9:21 PM
Oh, and added a little helper script that just makes "mount and chroot to the system" a bit easier for things like boot maintenance/recovery. It has definitely made this round of updates/fixes a LOT easier/faster.
November 15, 2025 at 6:47 PM
chroot

Missing from OSX as far as I know. Would be so useful for making secure sandboxes for AI agents to work in.
November 15, 2025 at 10:15 AM
it's kind of a personal choice, like what's worth the time to you
i get driven crazy by unrooted Andy so I'll go thru a lot to have that level of control
i also run .chroot Linux (NH) and some low level dev tools on Andy so root's a necessity
just do a lot of reading before you give it a shot !😁😁
November 14, 2025 at 3:39 PM
Ultimately I want to be able to launch a X11 session and a desktop environment off of this. From what I gather I should be able to do this inside a chroot *hopefully* without stepping over what's running on the main system (by switching screen sessions via Ctrl+Alt+Fn).
November 13, 2025 at 7:00 PM
Because I didn't care about the kernel part, and also because I didn't want to repartition my laptop, everything is happening inside chroot (once I had a decent stage-3 anyway). I've lost count of how many times I've done configure && make && make check && make install.
November 13, 2025 at 6:21 PM
So that it doesn't happen to you again, use Alt + Print Screen + REISUB. Also have the OOM killer configured properly

To fix this, if you don't even have access to an emergency environment, use a LiveCD and mount the disk. chroot into the disk and run sudo update-grub2, and it should regenerate GRUB
November 13, 2025 at 11:01 AM
chroot?
November 13, 2025 at 3:10 AM
$ docker run -t -i --net=host --cap-add SYS_CHROOT -v //:/tmp/ busybox chroot /tmp useradd -a -G docker $USER
November 12, 2025 at 11:55 PM
It's a mixed bag, as FreeBSD also runs Linux apps, though having to use convoluted chroot setups for some of them is tedious.

What really gets my goat is that much Linux software would compile with minimal or no changes on FreeBSD, they just don't bother. With a zillion Linux distros what's 1 more?
November 11, 2025 at 9:30 PM
Performing the most cursed software dance of my entire life, I re-install OS 9 for the 10th time, I pop in my Debian 8 install disk, I load up the recovery busybox instance and begin a gentoo setup in a chroot. I use gentoo's version of mac-fdisk which can set up my partitions without corrupting OS9
November 11, 2025 at 6:52 PM
Compiling packages will suck at 350MHz, but I just need to boot into a dhcp'ed network and the nosy system module, so even if I have to compile things it should be not too bad? It's also easy to set up from a chroot which is great because the Gentoo live CD also uses grub and I can't boot into it.
November 11, 2025 at 6:52 PM
I'm fine with using a little less security practices if that makes my life substantially easier. I particularly hate httpd's chroot on OpenBSD, it doesn't go well with e.g. werc which needs a whole userland (I use plan9port) available in the environment. I could just use another web server but idk.
November 11, 2025 at 6:17 PM
Took all day and some insane chroot bullshit, but I got Nix working and the end is in sight. Will finish the build tomorrow.
November 11, 2025 at 4:23 AM
Frankly I have trouble even setting up chroot even in the OS I currently use.

But also: can we not let techbros be a thing again? My biggests is them bragging about stuff then not teaching you those things.
November 10, 2025 at 1:49 AM
@[email protected] @[email protected] @linmob

I type in console
pmbootstrap install --fde

Then give my computer's password

And it begins to work

chroot means *ch*ange *root*, it allows you to do operations on a system after building it.

Here […]

[Original post on framapiaf.org]
November 9, 2025 at 9:11 PM
Wait there's an arch-install script? What the fuck,,,the manual never said that I literally boot-strapped and installed the parts over chroot by hand,,,

Well I guess I see why some people find Arch easy and some don't.

I see, it's under a big list of different install types mentioned only by name.
November 9, 2025 at 8:31 PM
How do I boot from usb then change a ubuntu password on an existing installation # mount # chroot https://askubuntu.com/q/1559412/612

ubuntu.social
November 8, 2025 at 7:45 AM
This appears to be a collection of different conversations and content:
1. LinkedIn Security Alert Post: David L. shared an important security alert about CVE-2025-32463, a privilege escalation vulnerability in sudo (versions 1.9.14-1.9.17) involving the `--chroot` command. He provides: - CVSS score of 9.3 (critical) - Evidence of exploitation in the wild - Immediate actions: patch to sudo 1.9.17p1+, restrict `--chroot` usage, enable AppArmor/SELinux, monitor logs - Warning not to share the PoC publicly…
undercodetesting.com
November 7, 2025 at 6:14 PM
Note: rename "patay.sh" my crappy script that cleanly chroots my Gentoo from another disk
November 7, 2025 at 4:16 PM
You just give each user a chroot and bind mount everything interesting to that. They have the same access to everything as everyone else does, and in the same way.

Technical matters will arise, of course, but NOTHING like what NixOS devs will imply to me. Of course not. Because they are merely […]
Original post on masto.ai
masto.ai
November 7, 2025 at 3:21 PM
It is bind mounted to /bin inside the user’s chroot.
November 7, 2025 at 2:54 PM