24.5.2 Creating a Chroot Jail

To create a chroot jail:

  1. Create the directory that will become the root directory of the chroot jail, for example:

    # mkdir /home/oracle/jail

  2. Use the ldd command to find out which libraries are required by the command that you intend to run in the chroot jail, for example /bin/bash:

    # ldd /bin/bash
    	linux-vdso.so.1 =>  (0x00007fff56fcc000)
    	libtinfo.so.5 => /lib64/libtinfo.so.5 (0x0000003ad1200000)
    	libdl.so.2 => /lib64/libdl.so.2 (0x0000003abe600000)
    	libc.so.6 => /lib64/libc.so.6 (0x0000003abe200000)
    	/lib64/ld-linux-x86-64.so.2 (0x0000003abde00000)

  3. Create subdirectories under the chroot jail's root directory that mirror the paths of the command binary and its required libraries relative to the real root directory, for example:

    # mkdir /home/oracle/jail/bin
    # mkdir /home/oracle/jail/lib64

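  4. Copy the binary and the shared libraries to the corresponding directories under the chroot jail's root directory. The linux-vdso.so.1 entry in the ldd output has no path because the kernel maps it into every process, so there is no file to copy. For example: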

    # cp /bin/bash /home/oracle/jail/bin
    # cp /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} \