source: trunk/debathena/third/schroot/man/schroot.conf.5.in @ 24167

Revision 24167, 19.5 KB checked in by broder, 15 years ago (diff)
Import schroot upstream into subversion.
Line 
1.\" Copyright © 2005-2008  Roger Leigh <rleigh@debian.org>
2.\"
3.\" schroot is free software: you can redistribute it and/or modify it
4.\" under the terms of the GNU General Public License as published by
5.\" the Free Software Foundation, either version 3 of the License, or
6.\" (at your option) any later version.
7.\"
8.\" schroot is distributed in the hope that it will be useful, but
9.\" WITHOUT ANY WARRANTY; without even the implied warranty of
10.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
11.\" General Public License for more details.
12.\"
13.\" You should have received a copy of the GNU General Public License
14.\" along with this program.  If not, see
15.\" <http://www.gnu.org/licenses/>.
16.\"
17.TH SCHROOT.CONF 5 "@RELEASE_DATE@" "Version @VERSION@" "Debian sbuild"
18.SH NAME
19schroot.conf \- chroot definition file for schroot
20.SH DESCRIPTION
21\f[BI]schroot.conf\fP is a plain UTF-8 text file, describing the chroots
22available for use with schroot.
23.PP
24Comments are introduced following a \[oq]\f[CR]\[sh]\fP\[cq] (\[lq]hash\[rq])
25character at the beginning of a line, or following any other text.  All text
26right of the \[oq]\f[CR]\[sh]\fP\[cq] is treated as a comment.
27.PP
28The configuration format is an INI-style format, split into groups of key-value
29pairs separated by section names in square brackets.
30.SS
31General options
32.PP
33A chroot is defined as a group of key-value pairs, which is started by a name
34in square brackets on a line by itself.  The file may contain multiple groups
35which therefore define multiple chroots.
36.PP
37A chroot definition is started by the name of the chroot in square brackets.
38For example,
39.IP
40\f[CR]\[lB]sid\[rB]
41.PP
42This is then followed by several key-value pairs, one per line:
43.TP
44\f[CBI]type=\fP\f[CI]type\fP
45The type of the chroot.  Valid types are \[oq]plain\[cq], \[oq]directory\[cq],
46\[oq]file\[cq], \[oq]loopback\[cq], \[oq]block\-device\[cq] and
47\[oq]lvm\-snapshot\[cq].  If empty or omitted, the default type is
48\[oq]plain\[cq].
49.TP
50\f[CBI]description=\fP\f[CI]description\fP
51A short description of the chroot.  This may be localised for different
52languages; see the section \[lq]\fILocalisation\fP\[rq] below.
53.TP
54\f[CBI]priority=\fP\f[CI]number\fP
55Set the priority of a chroot.  \f[CI]number\fP is a positive integer indicating
56whether a distribution is older than another.  For example, \[lq]oldstable\[rq]
57and \[lq]oldstable-security\[rq] might be \[oq]0\[cq], while \[lq]stable\[rq]
58and \[lq]stable-security\[rq] are \[oq]1\[cq], \[lq]testing\[rq] is \[oq]2\[cq]
59and \[lq]unstable\[rq] is \[oq]3\[cq].  The values are not important, but the
60difference between them is.  This is used by sbuild and wanna-build.
61.TP
62\f[CBI]users=\fP\f[CI]user1,user2,...\fP
63A comma-separated list of users which are allowed access to the chroot.  If
64empty or omitted, no users will be allowed access (unless a group they belong
65to is also specified in \f[CI]groups\fP).
66.TP
67\f[CBI]groups=\fP\f[CI]group1,group2,...\fP
68A comma-separated list of groups which are allowed access to the chroot.  If
69empty or omitted, no groups of users will be allowed access.
70.TP
71\f[CBI]root\-users=\fP\f[CI]user1,user2,...\fP
72A comma-separated list of users which are allowed \fBpassword-less\fP root
73access to the chroot.  If empty or omitted, no users will be allowed root
74access without a password (but if a user or a group they belong to is in
75\f[CI]users\fP or \f[CI]groups\fP, respectively, they may gain access with a
76password).  See the section \[lq]\fISecurity\fP\[rq] below.
77.TP
78\f[CBI]root\-groups=\fP\f[CI]group1,group2,...\fP
79A comma-separated list of groups which are allowed \fBpassword-less\fP root
80access to the chroot.  If empty or omitted, no users will be allowed root
81access without a password (but if a user or a group they belong to is in
82\f[CI]users\fP or \f[CI]groups\fP, respectively, they may gain access with a
83password).  See the section \[lq]\fISecurity\fP\[rq] below.
84.TP
85\f[CBI]aliases=\fP\f[CI]alias1,alias2,...\fP
86A comma-separated list of aliases (alternate names) for this chroot.  For
87example, a chroot named \[lq]sid\[rq] might have an \[oq]unstable\[cq] alias
88for convenience.
89.TP
90\f[CBI]run\-setup\-scripts=\fP\f[CI]true\fP|\f[CI]false\fP
91Set whether chroot setup scripts will be run.  The default is to run setup
92scripts for all chroot types except \[oq]plain\[cq].  Setup scripts are
93\fBrequired\fP to mount and configure the chroot environment.  This option is
94deprecated and no longer used by schroot, but is still permitted to be used; it
95will be obsoleted and removed in a future release.
96.TP
97\f[CBI]run\-exec\-scripts=\fP\f[CI]true\fP|\f[CI]false\fP Set whether chroot
98execution scripts will be run.  The default is the same as the default for the
99\f[CI]run\-setup\-scripts\fP key.  This option was called
100\f[CI]run\-session\-scripts\fP in versions prior to 0.2.5.  This option is
101deprecated and no longer used by schroot, but is still permitted to be used; it
102will be obsoleted and removed in a future release.
103.TP
104\f[CBI]script\-config=\fP\f[CI]filename\fP
105The behaviour of the chroot setup scripts may be customised on a per-chroot
106basis by providing a shell script which the scripts will source.  The filename
107is relative to \fI@PACKAGE_SYSCONF_DIR@\fP.  The default filename is
108\[oq]script\-defaults\[cq].  The recommended method of customisation is to copy
109this script and amend the copy; or alter the original to set the defaults for
110all chroots.  Settings for specific chroots may also be set in a single script
111by using conditionals checking the chroot name and/or type.  Note that the
112setup script will be sourced once for each and every script invocation, and
113must be idempotent.  The file format is documented in
114.BR schroot-script-config (5).
115.TP
116\f[CBI]command\-prefix=\fP\f[CI]command,option1,option2,...\fP
117A comma-separated list of a command and the options for the command.  This
118command and its options will be prefixed to all commands run inside the chroot.
119.TP
120\f[CBI]personality=\fP\f[CI]persona\fP
121Set the personality (process execution domain) to use.  This option is useful
122when using a 32-bit chroot on 64-bit system, for example.  Valid options on
123Linux are \[oq]bsd\[cq], \[oq]hpux\[cq], \[oq]irix32\[cq], \[oq]irix64\[cq],
124\[oq]irixn32\[cq], \[oq]iscr4\[cq], \[oq]linux\[cq], \[oq]linux32\[cq],
125\[oq]linux_32bit\[cq], \[oq]osf4\[cq], \[oq]osr5\[cq], \[oq]riscos\[cq],
126\[oq]scorvr3\[cq], \[oq]solaris\[cq], \[oq]sunos\[cq], \[oq]svr4\[cq],
127\[oq]uw7\[cq], \[oq]wysev386\[cq], and \[oq]xenix\[cq].  The default value is
128\[oq]linux\[cq].  There is also the special option \[oq]undefined\[cq]
129(personality not set).  For a 32-bit chroot on a 64-bit system,
130\[oq]linux32\[cq] is the option required.  The only valid option for non-Linux
131systems is \[oq]undefined\[cq].  The default value for non-Linux systems is
132\[oq]undefined\[cq].
133.TP
134\f[CBI]environment\-filter=\fP\f[CI]refex\fP
135The environment to be set in the chroot will be filtered in order to remove
136environment variables which may pose a security risk.  Any environment variable
137matching the specified POSIX extended regular expression will be removed prior
138to executing any command in the chroot.
139.IP
140Potentially dangerous environment variables are removed for safety by default
141using the following regular expression:
142.na
143\[lq]\f[CR]^(BASH_ENV\:|CDPATH\:|ENV\:|HOSTALIASES\:|IFS\:|KRB5_CONFIG\:|KRBCONFDIR\:|KRBTKFILE\:|KRB_CONF\:|LD_.*\:|LOCALDOMAIN\:|NLSPATH\:|PATH_LOCALE\:|RES_OPTIONS\:|TERMINFO\:|TERMINFO_DIRS\:|TERMPATH)$\fP\[rq].
144.ad
145.SS
146Plain and directory chroots
147.PP
148Chroots of type \[oq]plain\[cq] or \[oq]directory\[cq] are directories
149accessible in the filesystem.  The two types are equivalent except for the fact
150that directory chroots run setup scripts, whereas plain chroots do not.
151Additionally, directory chroots implement the \fBfilesystem union chroot\fP
152options (see \[lq]\fIFilesystem Union chroot options\fP\[rq], below).
153.PP
154These chroot types have an additional (mandatory) configuration option:
155.TP
156\f[CBI]directory=\fP\f[CI]directory\fP
157The directory containing the chroot environment.  This is where the root will
158be changed to when executing a login shell or a command.  The directory must
159exist and have read and execute permissions to allow users access to it.  Note
160that on Linux systems it will be bind-mounted elsewhere for use as a chroot;
161the directory for \[oq]plain\[cq] chroots is mounted with the \fI\-\-rbind\fP
162option to
163.BR mount (8),
164while for \[oq]directory\[cq] chroots \fI\-\-bind\fP is used instead so that
165sub-mounts are not preserved.
166.IP
167This option was previously named \f[CI]location\fP, but was renamed to avoid
168ambiguity with the option by the same name for \fBmountable chroot\fP options
169(see \[lq]\fIMountable chroot options\fP\[rq], below).  The name
170\f[CI]location\fP is deprecated, but still valid; it will be obsoleted and
171removed in a future release.  It is recommended to use \f[CI]directory\fP
172rather than \f[CI]location\fP.  Note that it is an error to use both
173\f[CI]directory\fP and \f[CI]location\fP at the same time.
174.SS
175File chroots
176.PP
177Chroots of type \[oq]file\[cq] are files on the current filesystem containing
178an archive of the chroot files.  They implement the \fBsource chroot\fP options
179(see \[lq]\fISource chroot options\fP\[rq], below) and have an additional
180(mandatory) configuration option:
181.TP
182\f[CBI]file=\fP\f[CI]filename\fP
183The file containing the archived chroot environment.  This must be a tar (tape
184archive), optionally compressed with gzip or bzip2, or a zip archive.  The file
185extensions used to determine the type are are \fI.tar\fP, \fI.tar.gz\fP,
186\fI.tar.bz2\fP, \fI.tgz\fP, \fI.tbz\fP and \fI.zip\fP.  This file must be owned
187by the root user, and not be writable by other.
188.SS
189Loopback chroots
190.PP
191Chroots of type \[oq]loopback\[cq] are a filesystem available as a file on
192disk, accessed via a loopback mount.  The file will be loopback mounted and
193unmounted on demand.  Loopback chroots implement the \fBmountable chroot\fP and
194\fBfilesystem union chroot\fP options (see \[lq]\fIMountable chroot
195options\fP\[rq] and \[lq]\fIFilesystem Union chroot options\fP\[rq], below),
196plus an additional option:
197.TP
198\f[CBI]file=\fP\f[CI]filename\fP
199This is the filename of the file containing the filesystem, including the
200absolute path.  For example \[lq]/srv/chroot/sid\[rq].
201.SS
202Block device chroots
203.PP
204Chroots of type \[oq]block\-device\[cq] are a filesystem available on an
205unmounted block device.  The device will be mounted and unmounted on demand.
206Block device chroots implement the \fBmountable chroot\fP and \fBfilesystem
207union chroot\fP options (see \[lq]\fIMountable chroot options\fP\[rq] and
208\[lq]\fIFilesystem Union chroot options\fP\[rq], below), plus an additional
209option:
210.TP
211\f[CBI]device=\fP\f[CI]device\fP
212This is the device name of the block device, including the absolute path.  For
213example, \[lq]/dev/sda5\[rq].
214.SS
215LVM snapshot chroots
216.PP
217Chroots of type \[oq]lvm\-snapshot\[cq] are a filesystem available on an LVM
218logical volume (LV).  A snapshot LV will be created from this LV on demand, and
219then the snapshot will be mounted.  At the end of the session, the snapshot LV
220will be unmounted and removed.  For each chroot of this type, a corresponding
221\[oq]block\-device\[cq] chroot will be created, with a \fI\-source\fP suffix
222appended to the chroot name and all its aliases; this is for convenient access
223to the source device.
224.PP
225They implement the \fBsource chroot\fP options (see \[lq]\fISource chroot
226options\fP\[rq], below), and all the options for \[oq]block\-device\[cq], plus
227an additional option:
228.TP
229\f[CBI]lvm-snapshot-options=\fP\f[CI]snapshot_options\fP
230Snapshot options.  These are additional options to pass to lvcreate(8).  For
231example, \[lq]\-L 2g\[rq] to create a snapshot 2 GiB in size.
232.B Note:
233the LV name (\fI\-n\fP), the snapshot option (\fI\-s\fP) and the original LV
234path may not be specfied here; they are set automatically by schroot.
235.SS Source chroot options
236.PP
237Some chroots implement source chroots.  These are chroots which automatically
238create a copy of themselves before use, and are usually session managed.  These
239chroots also provide an additional chroot with a \fI\-source\fP suffix added to
240their name, to allow access to the original data, and to aid in chroot
241maintenance.  These chroots provide the following additional options:
242.TP
243\f[CBI]source\-users=\fP\f[CI]user1,user2,...\fP
244A comma-separated list of users which are allowed access to the source chroot.
245If empty or omitted, no users will be allowed access.  This will become the
246\f[CI]users\fP option in the source chroot.
247.TP
248\f[CBI]source\-groups=\fP\f[CI]group1,group2,...\fP
249A comma-separated list of groups which are allowed access to the source chroot.
250If empty or omitted, no users will be allowed access.  This will become the
251\f[CI]groups\fP option in the source chroot.
252.TP
253\f[CBI]source\-root\-users=\fP\f[CI]user1,user2,...\fP
254 A comma-separated list of users which are allowed \fBpassword-less\fP root
255access to the source chroot.  If empty or omitted, no users will be allowed
256root access without a password (but if a user is in \f[CI]users\fP, they may
257gain access with a password).  This will become the \f[CI]root\-users\fP option
258in the source chroot.  See the section \[lq]\fISecurity\fP\[rq] below.
259.TP
260\f[CBI]source\-root\-groups=\fP\f[CI]group1,group2,...\fP
261 A comma-separated list of groups which are allowed \fBpassword-less\fP root
262access to the source chroot.  If empty or omitted, no users will be allowed
263root access without a password (but if a user's group is in \f[CI]groups\fP,
264they may gain access with a password).  This will become the
265\f[CI]root\-groups\fP option in the source chroot.  See the section
266\[lq]\fISecurity\fP\[rq] below.
267.SS Mountable chroot options
268Some chroots implement device mounting.  These are chroots which require the
269mounting of a device in order to access the chroot.  These chroots provide the
270following additional options:
271.TP
272\f[CBI]mount\-options=\fP\f[CI]options\fP
273Mount options for the block device.  These are additional options to pass to
274.BR mount (8).
275For example, \[lq]\-o atime,sync,user_xattr\[rq].
276.TP
277\f[CBI]location=\fP\f[CI]path\fP
278This is the path to the chroot \fIinside\fP the filesystem on the device.  For
279example, if the filesystem contains a chroot in \fI/chroot/sid\fP, you would
280specify \[lq]/chroot/sid\[rq] here.  If the chroot is the only thing on the
281filesystem, i.e. \fI/\fP is the root filesystem for the chroot, this option
282should be left blank, or omitted entirely.
283.SS Filesystem Union chroot options
284Some chroots allow for the creation of a session using filesystem unions to
285overlay the original filesystem with a separate writable directory.  The
286original filesystem is read-only, with any modifications made to the filesystem
287made in the overlying writable directory, leaving the original filesystem
288unchanged.  A union permits multiple sessions to access and make changes to a
289single chroot simultaneously, while keeping the changes private to each
290session.  To enable this feature, set \f[CI]union\-type\fP to any supported
291value.  If enabled, the chroot will also be a \fBsource chroot\fP, which will
292provide additional options (see \[lq]\fISource chroot options\fP\[rq], above).
293All entries are optional.
294.TP
295\f[CBI]union\-type=\fP\f[CI]type\fP
296Set the union filesystem type.  Currently supported filesystems are
297\[oq]aufs\[cq] and \[oq]unionfs\[cq].  The default is \[oq]none\[cq], which
298disables this feature.
299.TP
300\f[CBI]union\-mount\-options=\fP\f[CI]options\fP
301Union filesystem mount options (branch configuration), used for mounting the
302union filesystem specified with \fIunion\-type\fP.  This replaces the complete
303\[lq]\-o\[rq] string for mount and allows for the creation of complex
304filesystem unions.  Note that \[oq]aufs\[cq] and \[oq]unionfs\[cq] have
305different supported mount options.
306.B Note:
307One can use the variables \[lq]${CHROOT_UNION_OVERLAY_DIRECTORY}\[rq] and
308\[lq]${CHROOT_UNION_UNDERLAY_DIRECTORY}\[rq] to refer to the writable overlay
309session directory and read-only underlying directory which are to form the
310union.  See
311.BR schroot\-setup (5)
312for a complete variable list.
313.TP
314\f[CBI]union\-overlay\-directory\fP\f[CI]=directory\fP
315Specify the directory where the writeable overlay session directories will be
316created.  The default is \[oq]@SCHROOT_OVERLAY_DIR@\[cq].
317.TP
318\f[CBI]union\-underlay\-directory\fP\f[CI]=directory\fP
319Specify the directory where the read-only underlying directories will be
320created.  The default is \[oq]@SCHROOT_UNDERLAY_DIR@\[cq].
321.SS Localisation
322.PP
323Some keys may be localised in multiple languages.  This is achieved by adding
324the locale name in square brackets after the key name.  For example:
325.br
326.RS
327\f[CR]description[en_GB]=\f[CI]British English translation\fP\fP
328.br
329.RE
330.PP
331This will localise the \f[CI]description\fP key for the en_GB locale.
332.RS
333\f[CR]description[fr]=\f[CI]French translation\fP\fP
334.br
335.RE
336.PP
337This will localise the \f[CI]description\fP key for all French locales.
338.br
339.SH SECURITY
340Note that giving untrusted users root access to chroots is a \fBserious
341security risk\fP!  Although the untrusted user will only have root access to
342files inside the chroot, in practice there are many obvious ways of breaking
343out of the chroot and of disrupting services on the host system.  As always,
344this boils down to \fItrust\fP.
345.B Don't give chroot root access to users you would not trust
346.B with root access to the host system.
347.SH EXAMPLE
348\f[CR]# Sample configuration\fP
349.br
350\f[CR]\fP
351.br
352\f[CR][sid]\fP
353.br
354\f[CR]type=plain\fP
355.br
356\f[CR]description=Debian unstable\fP
357.br
358\f[CR]description[fr_FR]=Debian instable\fP
359.br
360\f[CR]directory=/srv/chroot/sid\fP
361.br
362\f[CR]priority=3\fP
363.br
364\f[CR]users=jim\fP
365.br
366\f[CR]groups=sbuild\fP
367.br
368\f[CR]root\-users=rleigh\fP
369.br
370\f[CR]aliases=unstable,default\fP
371.br
372\f[CR]\fP
373.br
374\f[CR][etch]\fP
375.br
376\f[CR]type=block\-device\fP
377.br
378\f[CR]description=Debian testing (32\-bit)\fP
379.br
380\f[CR]priority=2\fP
381.br
382\f[CR]groups=users\fP
383.br
384\f[CR]#groups=sbuild\-security\fP
385.br
386\f[CR]aliases=testing\fP
387.br
388\f[CR]device=/dev/hda_vg/etch_chroot\fP
389.br
390\f[CR]mount\-options=\-o atime\fP
391.br
392\f[CR]personality=linux32\fP
393.br
394\f[CR]run\-setup\-scripts=true\fP
395.br
396\f[CR]\fP
397.br
398\f[CR][sid\-file]\fP
399.br
400\f[CR]type=file\fP
401.br
402\f[CR]description=Debian sid file\-based chroot\fP
403.br
404\f[CR]priority=3\fP
405.br
406\f[CR]groups=sbuild\fP
407.br
408\f[CR]file=/srv/chroots/sid.tar.gz\fP
409.br
410\f[CR]run\-setup\-scripts=true\fP
411.br
412\f[CR]\fP
413.br
414\f[CR][sid\-snapshot]\fP
415.br
416\f[CR]type=lvm\-snapshot\fP
417.br
418\f[CR]description=Debian unstable LVM snapshot\fP
419.br
420\f[CR]priority=3\fP
421.br
422\f[CR]groups=sbuild\fP
423.br
424\f[CR]users=rleigh\fP
425.br
426\f[CR]source\-root\-users=rleigh\fP
427.br
428\f[CR]source\-root\-groups=admin\fP
429.br
430\f[CR]device=/dev/hda_vg/sid_chroot\fP
431.br
432\f[CR]mount\-options=\-o atime,sync,user_xattr\fP
433.br
434\f[CR]lvm\-snapshot\-options=\-\-size 2G\fP
435.br
436\f[CR]run\-setup\-scripts=true\fP
437.SH FILES
438.TP
439\f[BI]@SCHROOT_CONF@\fP
440The system-wide chroot definition file.  This file must be owned by the root
441user, and not be writable by other.
442.TP
443\f[BI]@SCHROOT_CONF_CHROOT_D@\fP
444Additional chroot definitions may be placed in files under this directory.
445They are treated in exactly that same manner as \fI@SCHROOT_CONF@\fP.  Each
446file may contain one or more chroot definitions.
447.SH AUTHORS
448Roger Leigh.
449.SH COPYRIGHT
450Copyright \(co 2005\-2008  Roger Leigh \f[CR]<rleigh@debian.org>\fP
451.PP
452\fBschroot\fP is free software: you can redistribute it and/or modify it under
453the terms of the GNU General Public License as published by the Free Software
454Foundation, either version 3 of the License, or (at your option) any later
455version.
456.SH SEE ALSO
457.BR sbuild (1),
458.BR schroot (1),
459.BR schroot\-script\-config (5),
460.BR mount (8).
461.\"#
462.\"# The following sets edit modes for GNU EMACS
463.\"# Local Variables:
464.\"# mode:nroff
465.\"# fill-column:79
466.\"# End:
Note: See TracBrowser for help on using the repository browser.