Last active
October 19, 2025 12:25
-
-
Save alpianon/9ae635f85e1d792fc4b88fd29c6e03f9 to your computer and use it in GitHub Desktop.
safely run/test a script within a minimal chroot environment with only selected commands available
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| script=$1 | |
| shift | |
| args="$@" | |
| CHROOT=$(mktemp -d) | |
| COMMANDS="/bin/bash /bin/echo" | |
| for c in $COMMANDS; do | |
| mkdir -p $CHROOT$(dirname $c) | |
| cp -a $c $CHROOT$(dirname $c) | |
| libs="$libs $(ldd $c | grep '=>' | cut -d' ' -f 3)" | |
| libs="$libs $(ldd $c | grep ld-linux | cut -d' ' -f 1 | cut -f 2)" | |
| done | |
| libs=$(for l in $libs; do echo $l; done | sort -u) | |
| for l in $libs; do | |
| mkdir -p $CHROOT$(dirname $l) | |
| cp -a $l $CHROOT$(dirname $l) | |
| r=$(realpath $l) | |
| mkdir -p $CHROOT$(dirname $r) | |
| cp -a $r $CHROOT$(dirname $r) | |
| done | |
| mkdir -p $CHROOT/bin | |
| cp -a $script $CHROOT/bin | |
| fakeroot fakechroot /usr/sbin/chroot $CHROOT bash -c \ | |
| "LC_ALL=C $(basename $script) $args" | |
| rm -Rf $CHROOT |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
based on https://www.reddit.com/r/linux4noobs/comments/3e90rr/whats_the_most_minimal_filesystem_i_could_make_to/
requires chroot, fakeroot and fakechroot