Chroot jail

From NetHackWiki

A chroot jail is a way of running programs on Unix operating systems so that the program cannot access anything outside the "jail" directory. This article describes how to compile NetHack so it can be used inside a chroot jail; this is useful when you want to run a public server. Usually you also need a wrapper program that handles user logins; one such program is dgamelaunch.

  • First, compile NetHack as documented in the Linux TTY-section.
  • Edit include/config.h and change HACKDIR to "/nh343" (There is more than one definition of HACKDIR in there!)
  • Edit include/unixconf.h: enable VAR_PLAYGROUND and change its value to "/nh343/var"
  • Edit the top Makefile:
    • Comment out all lines that reference $SHELLDIR. We don't need to install the shellscript that is usually used to launch NetHack.
    • Change PREFIX to the directory which will be the chroot environment and contain all the files the server needs. We'll be using "/opt/nethack/" here as an example.
    • Change GAMEDIR to $(PREFIX)/nh343
    • Change VARDIR to $(GAMEDIR)/var
    • Change GAMEUID and GAMEGRP to the user and group you will run nethack as; the default dgamelaunch settings for these are games and games.
  • Create the binaries with make all. If things went smoothly, do make install (or make update if you've already installed NetHack once to the chroot dir).
  • Run ldd src/nethack to see what dynamic link libraries the binary needs. Copy those into /opt/nethack/
  • Find where your terminfo files are (usually in /usr/share/terminfo, /etc/terminfo or /usr/share/lib/terminfo). In the chroot directory, create a similar directory structure. For example, let's say the terminfo files are in /usr/share/terminfo; you would create directory "/opt/nethack/". There could be different terminfo files in different directories; do this for all of the terminfo files.
  • Copy all the terminfo files into the directories you created in the chroot, maintaining the directory structure of the terminfo files.
  • Test that you can run NetHack inside the chroot environment by doing the following as root:
cd /opt/nethack/
chroot ./ nh343/nethack
  • If NetHack doesn't start and you get a complaint about a missing file or directory:
chroot: cannot run command `nh343/nethack': No such file or directory
That usually means the binary is missing some dynamic link library from the chroot.
  • If you get a complaint about unknown terminal type, that means there's some problem with the terminfo files. Check that there is a terminfo file that corresponds to your $TERM setting.
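
The library and terminfo steps above can be scripted. The following sh functions are an added example, not part of the original article or of NetHack: the function names and the sample ldd output are constructed, and the code assumes GNU ldd output and that each library is placed at the same path inside the jail as on the host, so the dynamic loader finds it after chroot.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU ldd output.

# Constructed sample of `ldd src/nethack` output, for trying the parsers.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd0000)
	libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5 (0x00007f000000)
	libfoo.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f010000)'

# Print the absolute library paths found in ldd output read from stdin.
# Virtual objects such as linux-vdso have no path and are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Print the names of libraries that ldd could not resolve on the host.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# Copy every library the binary needs into the jail, keeping its host path.
copy_libs() {   # usage: copy_libs <binary> <jail>
    ldd "$1" | ldd_paths | while read -r lib; do
        mkdir -p "$2$(dirname "$lib")"
        cp -L "$lib" "$2$lib"      # -L copies the file a symlink points to
    done
}

# Succeed if the jail holds a terminfo entry for the given terminal type.
# Entries are stored as <terminfo dir>/<first letter of name>/<name>.
has_terminfo() {   # usage: has_terminfo <jail> <term>
    first=$(printf '%s' "$2" | cut -c1)
    for d in usr/share/terminfo etc/terminfo usr/share/lib/terminfo; do
        [ -f "$1/$d/$first/$2" ] && return 0
    done
    return 1
}

# Usage with the article's example paths (run as root):
#   copy_libs src/nethack /opt/nethack
#   has_terminfo /opt/nethack "$TERM" || echo "no terminfo entry for $TERM"
```
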