Minimal config chroot networking

There are plenty of reasons not to use chroot and maybe that’s a topic for another day… but I have a project that I can deploy inside a chroot’d environment on other Linux and BSD distros… But for some reason I am not able to resolve DNS from inside the chroot even though I composed a /etc/resolv.conf. My guess is that because ClearLinux uses systemd-resolved it does not behave the same…

Any recommendations for resolving DNS inside chroot when the host is using systemd-resolved?

AFAIK /etc/resolv.conf is just a link to /run/systemd/resolve/resolv.conf. You can try to copy this file directly, or even better just create a /etc/resolv.conf with “nameserver 1.1.1.1” or some other DNS provider address.

I tried that and it did not work.

$ ./bin/curl http://google.com
curl: (6) Could not resolve host: google.com

Thanks.

Can you ping 1.1.1.1 or your router address?

The easiest way to get chroot to work is using mount:

# mkdir /mnt/chroot
# mount -t proc /proc /mnt/chroot/proc
# mount -o bind /sys /mnt/chroot/sys
# mount -o bind /dev /mnt/chroot/dev
# mount -o bind /dev/pts /mnt/chroot/dev/pts
# mount -o bind /run /mnt/chroot/run
# chroot /mnt/chroot
This way your chroot has access to the devices.

That was really close… I did not go that way because binding ALL those directories cannot be the best way to secure a chroot. Granted I do not know enough to know enough :) but it got me to thinking… And for that thanks. I had not installed ping. My bin folder only had three apps in it and I used ldd to determine the deps. I can say now that I was missing some deps.

I used the following but it was not enough…

"ldd ${jail}/bin/* | egrep -o '\[^ \]*/lib\[^ \]*\[.\]\[0-9\]+' |sort|uniq| xargs -I{} -P1 sudo cp -v {} ${jail}{} "

then I added these because I needed the libnss_dns*. Someone said some libs are loaded without a link reference in ldd.

"find /usr -iname 'libnss*'|grep lib\[36\] | xargs -I{} -P1 sudo cp -v {} ${jail}{} "

then I added this one per your mention. Seems I also needed libresolv*.

"ldd /usr/bin/ping | egrep -o '\[^ \]*/lib\[^ \]*\[.\]\[0-9\]+' |sort|uniq| xargs -I{} -P1 sudo cp -v {} ${jail}{} "

(There are plenty of other details, the entire Tcl shell bits. I’m still testing and some other elements can likely be removed.)
Thanks again for the push…

    set todo [subst {
        [list "echo \"MODE=$mode; REMOTE=$remote\""]
        "sudo mkdir -p ${jail}/bin"
        "sudo cp /bin/sh ${jail}/bin/."
        "sudo cp /usr/bin/curl ${jail}/bin/."
        "sudo mkdir -p ${jail}/etc/ssl/certs"
        "sudo cp /etc/resolv.conf ${jail}/etc/."
        "sudo cp -f /etc/ssl/certs/* ${jail}/etc/ssl/certs/."
        "sudo rm -rf ${jail}//usr"
        "sudo rm -rf ${jail}//lib*"
        "sudo mkdir -p ${jail}/lib64"
        "sudo mkdir -p ${jail}/usr/lib32"
        "sudo mkdir -p ${jail}/usr/lib64/haswell"
        "sudo cp bin/* ${jail}/bin/."
        "sudo mkdir -p ${jail}/www"
        "sudo mkdir -p ${jail}/other"
        "sudo mkdir -p ${jail}/var/data"
        "sudo cp -r www/* ${jail}/www/."
        "sudo cp -r other/* ${jail}/other/."
        "sudo cp ${HOME}/.ssh/auth.sh ${jail}/bin/."
        "sudo chown -R usr:grp  ${jail}"
        "sudo /bin/sh -c 'mount -t devtmpfs devtmpfs ${jail}/dev'"
        "ldd /usr/bin/ping | egrep -o '\[^ \]*/lib\[^ \]*\[.\]\[0-9\]+' |sort|uniq| xargs -I{} -P1 sudo cp -v {} ${jail}{} "
        "ldd ${jail}/bin/* | egrep -o '\[^ \]*/lib\[^ \]*\[.\]\[0-9\]+' |sort|uniq| xargs -I{} -P1 sudo cp -v {} ${jail}{} "
        "find /usr -iname 'libnss*'|grep lib\[36\] | xargs -I{} -P1 sudo cp -v {} ${jail}{} "
        {!ls -lt bin}
    }]
    doit $todo
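
The gaps this thread ran into (a host /etc/resolv.conf that is only a link, and resolver libraries that ldd does not report) can be checked from outside the jail before entering it. The script below is an added example, not code from the thread: the function name `audit_jail_dns`, its exit codes and the constructed demo jail are assumptions, and it assumes /run is not bind-mounted into the jail.

```shell
#!/bin/sh
# audit_jail_dns JAIL: print one line per gap that would break DNS lookups
# inside the chroot. Exit status = number of gaps (0 = none), 99 = refused.
audit_jail_dns() {
    jail=${1%/}
    gaps=0
    # An empty or "/" jail would aim these checks, and any later
    # cp or rm -rf "${jail}/...", at the host root. Refuse it.
    if [ -z "$jail" ] || [ ! -d "$jail" ]; then
        echo "REFUSED: jail path is empty, /, or not a directory"
        return 99
    fi
    conf=$jail/etc/resolv.conf
    if [ -L "$conf" ]; then
        # After chroot an absolute link target such as
        # /run/systemd/resolve/resolv.conf is looked up inside the jail.
        echo "GAP: etc/resolv.conf is a symlink; copy the file contents instead"
        gaps=$((gaps + 1))
    elif ! grep -Eq '^nameserver[[:space:]]+[^[:space:]]' "$conf" 2>/dev/null; then
        echo "GAP: etc/resolv.conf is missing or has no nameserver line"
        gaps=$((gaps + 1))
    fi
    # libnss_dns is loaded by glibc at lookup time, so ldd on curl does not
    # list it; the thread found libresolv was needed as well.
    for pat in 'libnss_dns*' 'libresolv*'; do
        if [ -z "$(find "$jail" -name "$pat" 2>/dev/null | head -n 1)" ]; then
            echo "GAP: no $pat anywhere under $jail"
            gaps=$((gaps + 1))
        fi
    done
    return "$gaps"
}

# Constructed demo: a jail with resolv.conf and libresolv in place but
# libnss_dns not yet copied in (placeholder files, not real libraries).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/bin" "$d/usr/lib64"
    echo "nameserver 1.1.1.1" > "$d/etc/resolv.conf"
    : > "$d/usr/lib64/libresolv.so.2"
    audit_jail_dns "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "gaps found: $?"
```

The check only looks at file names, so a clean result means the pieces are present, not that the copied libraries match the jail's libc.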