No network in chroot environment

Volker Wysk post at volker-wysk.de
Fri Jan 24 19:41:02 UTC 2020


Am Freitag, den 24.01.2020, 20:00 +0100 schrieb Tom H:
> On Fri, Jan 24, 2020 at 7:16 PM Volker Wysk <post at volker-wysk.de> wrote:
> > 
> > I'm migrating my old system to a new SSD in a new computer, and come to
> > the point to set up the new root file system in a chroot:
> > 
> > cryptsetup luksOpen /dev/nvme0n1p3 nvme0n1p3_crypt
> > mount /dev/mapper/nvme0n1p3_crypt /mnt/rootneu
> > mount --rbind /dev /mnt/rootneu/dev
> > mount --rbind /proc /mnt/rootneu/proc
> > mount --rbind /sys /mnt/rootneu/sys
> > mount /dev/nvme0n1p2 /mnt/rootneu/boot
> > mount /dev/nvme0n1p1 /mnt/rootneu/boot/efi
> > chroot /mnt/rootneu
> > 
> > This works, but the network in the chroot-ed environment isn't
> > available:
> > 
> > Wartung1804 / % LANG=C ping heise.de
> > ping: heise.de: Name or service not known
> > 
> > In the original system, it's fine:
> > v at Wartung1804:~$ LANG=C ping heise.de
> > PING heise.de(redirector.heise.de (2a02:2e0:3fe:1001:302::)) 56 data bytes
> > 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=1 ttl=57 time=15.0 ms
> > ...
> > 
> > So what happened to the network..? Might the "mount --rbind ..."
> > commands be incomplete?
> 
> "/etc/resolv.conf" is probably a dangling symlink. 

You're almost right. It points to an empty file.

I'd like to do this cleanly, like it is supposed to be done. I don't
fully understand all of the following of what you've written.

> One option might be
> to copy "/run/.../resolv.conf" to the chroot before chrooting.

This sounds like a hack.

> I wonder whether bind-mounting "/run" would work and wouldn't have any
> downsides. I've never tried it; I've never even thought of it before!

This sounds good, if it works.

> PS: "/proc" isn't usually bind-mounted.

You mean, this shouldn't be done: "mount --rbind /proc
$mountpoint/proc", but instead: "mount -t proc proc
"$mountpoint"/proc", right? 

> PPS: There's a recommendation to make the bind-mounted filesystems
> slaves for systemd.

I don't know what systemd slaves are. But this doesn't really have to
be done, right?

> PPPS: I use for Gentoo/Funtoo
> 
> mount -t proc proc "$mountpoint"/proc

Is there a particular reason for using "-t proc proc" rather than
"--rbind /proc"?

> 
> for apifs in dev sys ; do
> mount -o rbind /"$apifs" "$mountpoint"/"$apifs"
> mount --make-rslave "$mountpoint"/"$apifs"
> done

"--make-rslave" isn't fully documented in the mount man page (of Ubuntu
18.04). It only says "The following commands allow one to recursively
change the type of all the mounts under a given mountpoint.".

> 
> AFAIR, the Arch installer doesn't bind-mount any of the API
> filesystems (e.g. 'mount -t sys sys "$mountpoint"/sys' for sysfs).
> 


Cheers,
Volker
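
Added example, not part of Volker's or Tom's messages: a shell check, runnable without root, that reports which of the resolv.conf states discussed above (dangling symlink, symlink to an empty file) a chroot tree is in, resolving absolute symlink targets inside the chroot rather than on the host. The function names and the sample tree under run/example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report how /etc/resolv.conf would look
# from inside a chroot at <root>, without entering it. Needs no root rights.

# Follow the symlink chain of the final path component the way the chroot
# would: an absolute target is re-rooted under $1, not under the host's /.
# Limitation: symlinked parent directories are not re-rooted.
resolve_in_root() {
    root=${1%/}; path=$2; hops=0
    while [ -L "$root$path" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || return 1              # give up on symlink loops
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;                     # absolute: stays in the chroot
            *)  path=$(dirname "$path")/$target ;;  # relative to the link's directory
        esac
    done
    printf '%s\n' "$path"
}

# Prints one of: missing, loop, dangling, empty, no-nameserver, ok.
# Returns 0 only for "ok".
check_chroot_resolv() {
    root=${1%/}; conf=/etc/resolv.conf
    if [ ! -L "$root$conf" ] && [ ! -e "$root$conf" ]; then echo missing; return 1; fi
    real=$(resolve_in_root "$root" "$conf") || { echo loop; return 1; }
    if [ ! -e "$root$real" ]; then echo dangling; return 1; fi
    if [ ! -s "$root$real" ]; then echo empty; return 1; fi
    if ! grep -q '^[[:space:]]*nameserver[[:space:]]' "$root$real"; then
        echo no-nameserver; return 1
    fi
    echo ok
}

# Constructed sample: a throwaway tree whose resolv.conf is a relative symlink
# to an empty file (the case reported in the reply). Paths are made up.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/run/example"
    : > "$t/run/example/resolv.conf"
    ln -s ../run/example/resolv.conf "$t/etc/resolv.conf"
    check_chroot_resolv "$t" || true
    rm -rf "$t"
}

if [ "$#" -gt 0 ]; then check_chroot_resolv "$1"; else demo; fi
```

Run against the mounted tree before chrooting, for example with /mnt/rootneu as the argument; any result other than "ok" means name lookups inside the chroot have no resolver configuration to read.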





