Provided by: linux-user-chroot_2013.1-2build1_amd64

NAME

       linux-user-chroot - safely allow normal users to chroot

SYNOPSIS

       linux-user-chroot  [--unshare-ipc]  [--unshare-pid]  [--unshare-net] [--mount-proc DIR] [--mount-readonly
       DIR] [--mount-bind SOURCE DEST] [--chdir DIR] ROOTDIR PROGRAM ARGS...

DESCRIPTION

       linux-user-chroot is a tool meant for building software in a clean environment.  The user needs to create
       a directory tree with the build dependencies needed, and only those, and then linux-user-chroot runs  the
       actual  build  commands  such that the commands only see the directory tree.  This is useful for ensuring
       the build gets the right version of its build dependencies, for example.

       linux-user-chroot works similarly to chroot(8), but does not require the caller to have root privileges.
       It  uses Linux containers to restrict the chroot to make this safe.  The command run inside the chroot is
       run as the calling user, not as root.

       linux-user-chroot executes a command, and sets the root  directory  for  the  command  to  the  directory
       specified  by  the  user  (ROOTDIR).   Additionally,  it  creates  a  "nosuid"  bind  mount over the root
       filesystem, to prevent the build from gaining privileges using setuid binaries.  The command can  further
       be  restricted  from  accessing  the  network,  and  it  can  be  set up with new process ID and SysV IPC
       namespaces.

OPTIONS

       --unshare-ipc
              Create a new SysV IPC namespace for the command.

       --unshare-pid
              Create a new process ID (PID) namespace for the command.  This prevents the  command  from  seeing
              any other processes in the system, except itself and the processes it itself creates.

       --unshare-net
              Create  a  new,  empty  networking  stack.   This  prevents the command from using any networking,
              including loopback.

       --mount-proc DIR
              Mount the proc filesystem at DIR.

       --mount-readonly DIR
              Make DIR be read-only for the command.

       --mount-bind SOURCE DEST
              Add a bind mount while the command is executing.

       --chdir DIR
              After setting the new root directory for the command, change the current working directory  to  be
              DIR.

EXIT STATUS

       The  exit  status is the exit status of the executed command, or 1 if linux-user-chroot failed to execute
       the command.

EXAMPLE

       To build software in the real system, but without networking:

              linux-user-chroot --unshare-net --chdir "$(pwd)" / \
                  make clean all check
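
       A stricter variant of the example above, added here and not part of the original manual page: it
       combines all three --unshare options with the mount options and checks that every mount point exists
       inside ROOTDIR before running anything.  It assumes DIR and DEST are resolved inside ROOTDIR; the
       function name, the -n dry-run switch and the /src and /usr mount points are illustrative.

```shell
#!/bin/sh
# Added example, not part of linux-user-chroot. Assumption: the DIR and DEST
# arguments are resolved inside ROOTDIR, so the mount points must exist there.
# hermetic_build, -n, /src and /usr are illustrative names.
#
# usage: hermetic_build [-n] ROOTDIR SRCDIR PROGRAM [ARGS...]
#   -n  print the command, one argument per line, instead of running it
hermetic_build() {
    dry=0
    if [ "${1:-}" = -n ]; then dry=1; shift; fi
    if [ "$#" -lt 3 ]; then
        echo "usage: hermetic_build [-n] ROOTDIR SRCDIR PROGRAM [ARGS...]" >&2
        return 2
    fi
    root=$1 src=$2
    shift 2

    # Relative paths would depend on the caller's cwd; insist on absolute ones.
    for p in "$root" "$src"; do
        case $p in
            /*) [ -d "$p" ] || { echo "not a directory: $p" >&2; return 1; } ;;
            *)  echo "path must be absolute: $p" >&2; return 2 ;;
        esac
    done

    # A mount needs an existing target directory in the new root.
    for d in proc src usr; do
        [ -d "$root/$d" ] || { echo "missing mount point: $root/$d" >&2; return 1; }
    done

    # New IPC, PID and network namespaces; a proc mount for the new PID
    # namespace; the source tree bound at /src; /usr made read-only so the
    # build cannot alter its own dependencies.
    set -- linux-user-chroot \
        --unshare-ipc --unshare-pid --unshare-net \
        --mount-proc /proc \
        --mount-bind "$src" /src \
        --mount-readonly /usr \
        --chdir /src \
        "$root" "$@"

    if [ "$dry" -eq 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

       Run it with -n first to review the composed command line before executing the build.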

SEE ALSO

       chroot(8).

                                                                                            LINUX-USER-CHROOT(8)