Chroot
chroot is the oldest sandboxing tool available in Linux. Its work is the same as mount namespace, but it is implemented much earlier. chroot changes the root directory for a process to any chroot directory ( like / chroot). As the root directory is the top of the file system hierarchy, applications are unable to access directories higher up than the root directory, and so are isolated from the rest of the system. This prevents applications inside the chroot from interfering with files elsewhere on your computer. To create an isolated environment in old SystemV based operating systems, you first need to copy all required packages and libraries to that directory. For demonstration purposes, I am running ‘ ls’ on the chroot directory.
First, create a directory to set as root a file system for a process:
Now, copy these files to the as required.
Once you have copied all the necessary files, it’s time to enter the chroot. lib or lib64 of /chroot
You will be prompted with a shell running inside your virtual environment. Here, you don’t have much to run besides ls, but it has changed the root file system for this process to /chroot.
To get a more full-featured environment you can use the debootstrap utility to bootstrap a basic Debian system: