Chroot jail

A chroot jail is a way of running programs on Unix operating systems so that the program cannot access anything outside the "jail" directory. This article describes how to compile NetHack so it can be used inside a chroot jail; this is useful when you want to run a public server. Usually you also need a wrapper program that handles user logins; one such program is dgamelaunch.


 * First, compile NetHack as documented in the Linux TTY-section.


 * Edit include/config.h and change HACKDIR to "/nh343". (Note that there is more than one definition of HACKDIR in there!)


 * Edit include/unixconf.h: enable VAR_PLAYGROUND and change its value to "/nh343/var"


 * Edit the top Makefile:


    * Comment out all lines that reference $SHELLDIR. We don't need to install the shell script that is usually used to launch NetHack.


    * Change PREFIX to the directory which will be the chroot environment and contain all the files the server needs. We'll be using <tt>"/opt/nethack/nethack.alt.org"</tt> here as an example.


    * Change <tt>GAMEDIR</tt> to <tt>$(PREFIX)/nh343</tt>


    * Change <tt>VARDIR</tt> to <tt>$(GAMEDIR)/var</tt>


    * Change <tt>GAMEUID</tt> and <tt>GAMEGRP</tt> to the user and group you will run nethack as; the default dgamelaunch settings for these are <tt>games</tt> and <tt>games</tt>.


 * Create the binaries with <tt>make all</tt>. If things went smoothly, do <tt>make install</tt> (or <tt>make update</tt> if you've already installed NetHack once to the chroot dir).


 * Run <tt>ldd src/nethack</tt> to see which dynamic link libraries the binary needs. Copy those into <tt>/opt/nethack/nethack.alt.org/lib/</tt>


 * Find where your terminfo files are (usually in <tt>/usr/share/terminfo</tt>, <tt>/etc/terminfo</tt> or <tt>/usr/share/lib/terminfo</tt>). In the chroot directory, create a similar directory structure. For example, let's say the terminfo files are in <tt>/usr/share/terminfo</tt>; you would create directory <tt>"/opt/nethack/nethack.alt.org/lib/usr/share/terminfo"</tt>. Note that there could be different terminfo files in different directories; do this for all of the terminfo files.


 * Copy all the terminfo files into the directories you created in the chroot, maintaining the directory structure of the terminfo files.

 * Test that you can run NetHack inside the chroot environment by doing the following as root:

    cd /opt/nethack/nethack.alt.org
    chroot ./ nh343/nethack


 * If NetHack doesn't start but you get a complaint about a missing file or directory:

    chroot: cannot run command `nh343/nethack': No such file or directory

   That usually means the binary is missing some dynamic link library from the chroot.


 * If you get a complaint about unknown terminal type, that means there's some problem with the terminfo files. Check that there is a terminfo file that corresponds to your <tt>$TERM</tt> setting.
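
The two failure cases above (a library missing from the chroot, no terminfo entry for the terminal) can be checked before the first test run. The script below is an added example, not part of the original page or of NetHack. Its function names are made up for illustration, and accepting a library at its original absolute path inside the jail, as well as in lib/, is an assumption of the example.

```sh
#!/bin/sh
# Added example (not from the NetHack sources): pre-flight checks for the jail.

# Read `ldd` output on stdin and print the absolute path of each library.
# Lines without a path (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Print each library path from stdin that is absent from jail $1. A library is
# present if it sits at the same absolute path inside the jail or, as in the
# steps above, directly in the jail's lib/ directory.
missing_libs() {
    jail=$1
    while IFS= read -r lib; do
        [ -e "$jail$lib" ] || [ -e "$jail/lib/${lib##*/}" ] || printf '%s\n' "$lib"
    done
}

# Succeed if terminfo directory $1 holds an entry for terminal name $2.
# ncurses stores compiled entries as <dir>/<first character>/<name>.
has_terminfo() {
    first=$(printf '%.1s' "$2")
    [ -n "$2" ] && [ -f "$1/$first/$2" ]
}

# check_jail JAIL BINARY TERMINFO_DIR TERM: run both checks, non-zero on failure.
check_jail() {
    jail=$1; bin=$2; tidir=$3; term=$4; rc=0
    missing=$(ldd "$jail/$bin" | ldd_paths | missing_libs "$jail")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/missing from jail: /'
        rc=1
    fi
    if ! has_terminfo "$tidir" "$term"; then
        echo "no terminfo entry for '$term' under $tidir"
        rc=1
    fi
    return $rc
}

# Usage with the page's paths:
# check_jail /opt/nethack/nethack.alt.org nh343/nethack \
#     /opt/nethack/nethack.alt.org/lib/usr/share/terminfo "$TERM"
```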