I want to doing some experiment to a linux system. I read about chrooting and debootsrap, it's said that it's needed to do binding mount to proc and dev so the chroot environment will fully work properly.
What I want to achieve is a clean chroot environment that if something goes wrong, it will not affect the running system. Since proc and dev is mounted with binding option, I think it will be dangerous if I do something wrong with proc and dev in chroot environment.
Is doing binding mount to proc and dev is really needed? What I have to do if I want a really safe, clean, work and supported (from the running system) chroot environment?
1 Answer
/proc and /dev are need so the chroot can work with the system. End of story. If you want something more secure your main system, I would point you to some virtual machine. Then all you will have to worry are the virtualisation software and the virtual machine, not the chroot. No full happiness. People use the chroot, including in enterprise, to secure their systems for years. Do it.
