Here's an example of how we've used this.<p>RStudio Server[0] 1.3 and older hard-coded a number of paths, such as the path for storing temporary files: Instead of looking for the TMPDIR environment variable (as specified by POSIX[1]), RStudio Server would always use /tmp. That is extremely annoying, because we set TMPDIR to a path on fast local storage (SATA or NVMe SSDs) that the job scheduler cleans up at the end of the compute job.<p>We do have a last-resort mechanism using pam_namespace[2], such that a user going to `/tmp` is actually taken to `/namespace/tmp/${username}`, but that is per-user, not per-job. If a user has two RStudio jobs, and those two jobs landed on the same host, there would be trouble.<p>So, we used PRoot to wrap RStudio, with /tmp bind-mounted to a directory under TMPDIR.<p>[0]: <a href="https://www.rstudio.com/products/rstudio/download-server/" rel="nofollow">https://www.rstudio.com/products/rstudio/download-server/</a><p>[1]: <a href="https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html" rel="nofollow">https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1...</a><p>[2]: <a href="https://linux.die.net/man/8/pam_namespace" rel="nofollow">https://linux.die.net/man/8/pam_namespace</a>
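The wrapper described in the comment above, sketched as an added example that is not part of the original thread or the commenter's own script. It assumes the job scheduler exports TMPDIR and that `proot` is on PATH; the function names and the `proot-tmp.` prefix are made up for illustration.

```shell
#!/bin/sh
# Added example: give each job its own /tmp by binding a private directory
# under the scheduler's TMPDIR over /tmp with PRoot.
# Usage (after sourcing): run_with_private_tmp <command> [args...]

# Create a private scratch directory under TMPDIR and print its path.
make_job_tmp() {
    base=${TMPDIR:-}
    # Refuse to continue without a usable TMPDIR: silently falling back to
    # the shared /tmp would reintroduce the per-host collision.
    [ -n "$base" ] && [ -d "$base" ] && [ -w "$base" ] || {
        echo "TMPDIR must point to a writable directory" >&2
        return 1
    }
    case $base in
        /tmp|/tmp/) echo "TMPDIR is the shared /tmp" >&2; return 1 ;;
    esac
    # mktemp -d creates the directory atomically, readable only by its owner.
    mktemp -d "$base/proot-tmp.XXXXXX"
}

# Run a command under PRoot with the job directory bound over /tmp.
run_with_private_tmp() {
    job_tmp=$(make_job_tmp) || return 1
    status=0
    # -b host_path:guest_path makes the wrapped process see job_tmp as /tmp.
    proot -b "$job_tmp:/tmp" "$@" || status=$?
    # Remove the scratch directory once the wrapped command has exited.
    rm -rf -- "$job_tmp"
    return "$status"
}
```
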
A similar tool for this user-space bind-mount is <a href="https://github.com/fritzw/ld-preload-open">https://github.com/fritzw/ld-preload-open</a>, which relies on LD_PRELOAD to overwrite common libc functions. Thus this is less reliable than the presented tool which uses ptrace, but it still works reasonably well (I run e.g. PyCharm with it).
`guix pack` can create bundles that use a static proot to make them relocatable:<p><a href="https://hpc.guix.info/blog/2017/10/using-guix-without-being-root/" rel="nofollow">https://hpc.guix.info/blog/2017/10/using-guix-without-being-...</a><p>It also supports other more performant ways, but in some situations proot is the best choice.
Termux now has a nice wrapper (manager?) for proot [1]. I once wanted to submit a wrapper but got an angry response as the first comment to my PR and it was closed. Guess enough people did that until they decided maybe it's not a bad idea after all.<p>[1]: <a href="https://github.com/termux/proot-distro">https://github.com/termux/proot-distro</a>
Can anyone explain why chroot requires root privileges in the first place? Because from my understanding it seems like it should only restrict what you can do rather than grant any new abilities.
Ah! Finally I see a way to try nix (the package manager) on my existing installation without it requiring access to the root directory and other such stuff!
Does this support using gdb to debug a program, because I vaguely remember years ago using a simulated root to install a Linux distro on Android to compile and test certain ideas while traveling and due to the nature of ptrace, they couldn't be loaded into a debugger.
Unless I am mistaken this cannot elide over the fundamental protections Android enforces which make it impossible to do cross-device symlinks to external SD cards in a non-rooted Android: the outer kernel blocks this, even though you can cd into the paths.<p>If (for example) you can overlay/union mount and have a synthetic upper layer FS which manages things, I could use this.
related url, for syscall intercepting made easy:
<a href="https://github.com/bieganski/asstrace/">https://github.com/bieganski/asstrace/</a><p>see `pathsubst` example.<p>unfortunately the set of use cases for a `ptrace`-based solution is limited, due to high performance overhead.
have been using proot on Android to start my container image[1] as an alternative OS on top of termux. it is not perfect, but at least you can have a Fedora userspace on an Android tablet. when you add termux:x11 or vnc you have a minimal desktop, and with vscode a dev environment.<p>1: <a href="https://github.com/gbraad-devenv/">https://github.com/gbraad-devenv/</a>