I don’t always install software whose idea of installation instructions is
curl ... | sudo, but when I do, I jail it. In this case, I’m setting up a chroot for Nodejs:
sudo apt install schroot deboostrap sudo mkdir /srv/npm-chroot sudo debootstrap stable /srv/npm-chroot sudo mkdir -p /srv/npm-chroot/home/joe/projects sudo chown -R joe:joe /srv/npm-chroot/home/joe/
In these examples, “joe” is my username.
The “s” in “schroot” stands for “securely,” but it might as well be “simple” because “schroot” handles fiddly bookkeeping tasks for setting up your environment, based on its config file.
[npm] description=npm projects type=directory directory=/srv/npm-chroot root-users=joe setup.fstab=joe-projects/fstab
Normally, schroot mounts
/home from the host as
/home in the chroot. I don’t want programs in jail to muck about with my home on the host though, so I edit the
setup.fstab option. Its default lives in
For my purposes, the schroot’s default configuration is a good start, so:
sudo mkdir /etc/schroot/joe-projects sudo cp /etc/schroot/default/fstab /etc/schroot/joe-projects/
/etc/schroot/joe-projects/fstab, removing the
/home line and adding instead:
/home/joe/projects /home/joe/projects none rw,bind 0 0
Finally, enter the chroot, as root.
schroot -c npm -u root
I like to install sudo so it feels like a normal Ubuntu:
# now in the schroot apt update apt install sudo exit
Then log in as my normal user:
# in the host schroot -c npm
From here I can install npm in relative isolation; this is not sufficient for isolating malicious software, but it’s a nice way to avoid inconsiderate programs from pooping all over your system.