There are plenty of reasons to use chroots, but security is not one of them.
For a practical how-to see e.g
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
For a bit of yelling, see
http://yarchive.net/comp/linux/chroot.html
chroot will improve your security by creating an obstacle which may filter out some would-be crackers, but it will not make it secure by any standard. (in spite of what I may have written elsewhere on this blog).
Original post:
I've been using chroot to compile and test stuff so much lately that I figure it was time to automate the process.
Before creating your chroot you'll need a few packages:
sudo apt-get install debootstrap coreutils x11-xserver-utils
The scripts
makechroot.shmkdir $HOME/tmp/jail/$1 -p sudo debootstrap --arch amd64 testing $HOME/tmp/jail/$1 http://ftp.au.debian.org/debian/ sudo cp setupchroot.sh $HOME/tmp/jail/$1/
setupchroot.shrm /etc/apt/sources.list echo 'deb http://ftp.au.debian.org/debian/ wheezy main contrib non-free' >> /etc/apt/sources.list apt-get update apt-get install locales sudo vim echo 'export LC_ALL="C"'>>/etc/bash.bashrc echo 'export LANG="C"'>>/etc/bash.bashrc echo 'export DISPLAY=:0.0' >> /etc/bash.bashrc echo '127.0.0.1 beryllium >> /etc/hosts' source /etc/bash.bashrc adduser sandbox usermod -g sudo sandbox echo 'Defaults !tty_tickets' >> /etc/sudoers
launchchroot.shxhost + sudo mount -o bind /proc $1/proc sudo cp /etc/resolv.conf $1/etc/resolv.conf sudo chroot $HOME/tmp/jail/$1
How to use
To set up the chroot:
sh makechroot.sh mynewchroot sudo chroot mynewchroot root@beryllium:/# sh setupchroot.sh
To use the chroot:
sh launchchroot.sh mynewchroot
Once you're done with the chroot and logged out, do
sudo umount $HOME/tmp/jail/mynewchroot/proc
to unmount the /proc -- you can now delete, copy etc. the directory structure of you chroot.