Installing mediabrowser in a jail root

home of a content challenger

Installing mediabrowser in a jail root

I have been playing around with media browser lately. Media browser is a streaming server, like plex. For me it has the advantage that I can host the website and security at home. That way I can easily stream over https and control user authentication myself. For security reasons I installed it in a jail root using schroot on my debian box. This is how I did it.

Preparing your host

First make sure you have a working installation of schroot on your box (using sudo here to show which steps should be executed as root):

sudo apt-get install schroot debootstrap

Then make the directory for your jail and install a base system:

sudo mkdir -p /srv/chroot/mediabrowser

sudo debootstrap jessie /srv/chroot/mediabrowser http://ftp.de.debian.org/debian

Please note that you will need to install jessie to get the right mono versions for your installation. If you don’t install jessie, you need to manually install the latest mono packages for debian. Please also note that I install from the local German debian repository. You can change to your local one if needed.

You need to create a user for your installation. The idea is that this user is known with the same ID in both your host and your jail (the guest system). This will make it easier to give the user access to system wide resources.

sudo adduser --system --shell /bin/false --disabled-password --no-create-home mediabrowser

The system will output something like this:

Adding system user `mediabrowser’ (UID 122) …

You should remember the UID (you can later check the /etc/passwd file as well, if you know how to do that).

Configuring schroot

Make sure schroot knows your environment. We need to create / change some config files. First Now, as root, create the file /etc/schroot/chroot.d/mediabrowser and give it the following content:

[mediabrowser]
aliases=mb
directory=/srv/chroot/mediabrowser
type=directory
description=Chroot for the media browser service
users=mediabrowser
groups=root
root-groups=root
profile=mediabrowser
personality=linux
preserve-environment=true

This will make sure schroot knows about your jail. Schroot also needs to know how it should configure your jail. For that create the following directory:

sudo mkdir -p /etc/schroot/mediabrowser

In it you need to create three files (as root): copyfiles and fstab. The contents of /etc/schroot/mediabrowser/copyfiles should be:

# Files to copy into the chroot from the host system.
#
# <source and destination>
/etc/resolv.conf

The contents of /etc/schroot/mediabrowser/fstab should be as follows. Please note that I assume that you have your content locally on the host you are installing your jail. If your content is on a remote (samba or nfs) host, you need to add the right commands to mount those remote filesystems.

# fstab: static file system information for chroots.
# Note that the mount point will be prefixed by the chroot path
# (CHROOT_PATH)
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/proc           /proc           none    rw,bind         0       0
/sys            /sys            none    rw,bind         0       0
/dev            /dev            none    rw,bind         0       0
/dev/pts        /dev/pts        none    rw,bind         0       0
#/home           /home           none    rw,bind         0       0
/tmp            /tmp            none    rw,bind         0       0

# Add mounts to your content files here, what follows is an example
/path/to/content/on/your/host  /path/on/your/guest/to/mount/that/content    none    rw,bind 0 0

Note: you can also specify an nssdatabases file in this directory. I personally don’t want to copy any configuration files from my host to my guest, so I don’t use it. See the schroot documentation to make use of this feature.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.