fakechroot runs a command in an environment were it appears to have root privileges for
file manipulation. This is almost the same as
fakeroot(1) command with
additional possibility to use
chroot(8) command in such environment.
This is useful for allowing users to create own chrooted environment with
possibility to install another packages without need for root privileges.
fakechroot is heavily based on
fakeroot(1) and replaces more library functions (
chroot(2) ,open(2) , etc.) by ones that simulate the effect the real library
functions would have had, had the user really been in chroot. These wrapper
functions are in a shared library
/usr/lib/libfakechroot.so* which is loaded through the
LD_PRELOAD mechanism of the dynamic loader. (See
ld.so(8) )
In fake chroot you can install Debian bootstrap with `debootstrap --fakechroot' command.
In this environment you can use i.e.
apt-get (8) command to install another packages from
common user's account.
OPTIONS
-llibrary, --liblibrary
Specify an alternative wrapper library.
--faked binary
Specify an alternative binary to use as faked.
[--] command
Any command you want to be ran as fakechroot. Use (oq--(cq if in the command
you have other options that may confuse fakechroot's option parsing.
-s save-file
Save the fakechroot environment to save-file on exit. This file can be
used to restore the environment later using -i. However, this file will
leak and fakechroot will behave in odd ways unless you leave the files
touched inside the fakechroot alone when outside the environment. Still,
this can be useful. For example, it can be used with
rsync(1) to back up
and restore whole directory trees complete with user, group and device
information without needing to be root. See
/usr/share/doc/fakeroot/README.saving for more details.
-i load-file
Load a fakechroot environment previously saved using -s from load-file.
Note that this does not implicitly save the file, use -s as well for
that behaviour. Using the same file for both -i and -s in a single
fakechroot invocation is safe.
-u, --unknown-is-real
Use the real ownership of files previously unknown to fakechroot instead of
pretending they are owned by root:root.
-b fd
Specify fd base (TCP mode only). fd is the minimum file descriptor
number to use for TCP connections; this may be important to avoid
conflicts with the file descriptors used by the programs being run
under fakeroot.
-h
Display help.
-v
Display version.
EXAMPLES
Here is an example session with
fakechroot . Notice that inside the fake root environment file manipulation that
requires root privileges succeeds, but is not really happening.
$ cp -a /usr/lib/debootstrap /tmp
$ cp -a /usr/sbin/debootstrap /tmp/debootstrap/scripts
$ ( cd /tmp/debootstrap; patch -f -p1 ) < debootstrap.diff
$ ( cd /tmp/debootstrap/scripts; patch -f -p1 ) < debootstrap.diff
$ fakechroot -s fakeroot.save
# cd /
# export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# DEBOOTSTRAP_DIR=/tmp/debootstrap /tmp/debootstrap/scripts/debootstrap sid /tmp/sid
# exit
$ rm -rf /tmp/sid/proc; ln -s /proc /tmp/sid
$ mv /tmp/sid/dev /tmp/sid/.dev; ln -s /dev /tmp/sid
$ fakechroot -i fakeroot.save
# cd /
# export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# chroot /tmp/sid /bin/bash
# sh /usr/share/doc/fakechroot/examples/savemode.sh
# apt-setup
# adduser --uid 1001 dexter
# nano /etc/apt/sources.lists
# apt-get update
# apt-get install build-essential devscripts
# cd /tmp
# apt-get source hello
# cd hello-*
# debuild --preserve-env -B
# exit
SECURITY ASPECTS
fakechroot is a regular, non-setuid program. It does not enhance a user's
privileges, or decrease the system's security.
FILES
/usr/lib/libfakechroot/libfakechroot.so* The shared library containing the wrapper functions.
ENVIRONMENT
FAKEROOTKEY
The key used to communicate with the fakeroot daemon. Any program
started with the right
LD_PRELOAD and a
FAKEROOTKEY of a running daemon will automatically connect to that daemon, and
have the same "fake" view of the file system's permissions/ownerships.
(assuming the daemon and connecting program were started by the same
user).
FAKECHROOT
The value is true for fake chroot environment.
FAKECHROOTDIR
The root directory for fake chroot environment.
LIMITATIONS
""
Every command executed within
fakechroot needs to be linked to the same version of the C library as
fakechroot itself. Because the Potato version of Debian now uses libc6 only
(glibc2.1), this isn't that much of a problem any more.
""
Statically linked binaries doesn't work, especially
ldconfig(8) , so you have to wrap this command and i.e. set the dpkg diversion.
""
ldd(1) also doesn't work. You have to use wrapper.
""
You can override fake chroot with symlinks to the outside. It can
be useful for accessing /proc or /dev directory.
"