The Arch Linux based distro that runs on any Linux distro without root access.
Table of Contents
- Description
- Quickstart
- Installation
- Dependencies
- Advanced usage
- Internals
- Troubleshooting
- More documentation
- Contributing
- Author
JuNest (Jailed User NEST) is a lightweight Arch Linux based distribution that provides an isolated GNU/Linux environment inside any generic host GNU/Linux OS, without needing root privileges to install packages.
JuNest mainly contains the package managers (pacman and a simple wrapper of yaourt called yogurt) that give access to a wide range of packages from the Arch Linux repositories.
The main advantages of using JuNest are:
- Install packages without root privileges.
- Isolated environment in which you can install packages without affecting a production system.
- Access to a wide range of packages in particular on GNU/Linux distros that may contain limited repositories (such as CentOS and RedHat).
- Available for x86_64, x86 and ARM architectures but you can build your own image from scratch too!
- Run on a different architecture from the host OS via QEMU
- All Arch Linux lovers can have their favourite distro everywhere!
JuNest follows the Arch Linux philosophy.
There are three different ways you can run JuNest:
- As normal user - Allows basic operations:
    junest
- As fakeroot - Allows installing/removing packages:
    junest -f
- As root - Gives full root privileges inside the JuNest environment (you need to be root to execute this):
    junest -r
If the JuNest image has not been downloaded yet, the script will download it and place it in the default directory ~/.junest. You can change the default directory by setting the environment variable JUNEST_HOME.
If you are new to Arch Linux and not familiar with the pacman package manager, visit the pacman rosetta page.
JuNest comes with a very short list of dependencies so that it can be installed on most GNU/Linux distributions. Before installing JuNest, be sure that all dependencies are properly installed on your system:
The minimum recommended Linux kernel is 2.6.0+ on x86 32 and 64 bit and ARM architectures.
Just clone the JuNest repo somewhere (for example in ~/.local/share/junest):
git clone https://github.com/fsquillace/junest ~/.local/share/junest
export PATH=~/.local/share/junest/bin:$PATH
If you are using an Arch Linux system you can, alternatively, install JuNest from the AUR repository:
yogurt -S junest-git
export PATH=/opt/junest/bin:$PATH
Alternatively, you can download the JuNest image directly and place it in the default directory ~/.junest:
ARCH=x86_64  # one of "x86_64", "x86", "arm"
mkdir -p ~/.junest
curl https://dl.dropboxusercontent.com/u/42449030/junest/junest-${ARCH}.tar.gz | tar -xz -C ~/.junest
export PATH=~/.junest/opt/junest/bin:$PATH
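Piping curl straight into tar unpacks whatever arrives before anything can be checked. As an added example (not part of the JuNest project), the functions below check a saved image against a SHA-256 digest obtained from a trusted channel (an assumption, since this page publishes none) and reject absolute or `..` member paths before extracting; `junest_safe_extract` and `has_unsafe_member` are hypothetical names.

```shell
# Added example (not JuNest code). Assumption: the expected SHA-256 digest
# was obtained over a trusted channel; the page itself publishes none.

# Read archive member names on stdin; succeed if any is an absolute path
# or contains a ".." component (either could write outside the target dir).
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# junest_safe_extract TARBALL EXPECTED_SHA256 DEST
# Returns 0 on success, 2 on digest mismatch, 3 on unsafe member paths.
junest_safe_extract() {
    jse_tarball=$1 jse_expected=$2 jse_dest=$3

    # 1. Integrity: hash the file on disk, not a stream being unpacked.
    jse_actual=$(sha256sum "$jse_tarball" | cut -d' ' -f1)
    if [ -z "$jse_actual" ] || [ "$jse_actual" != "$jse_expected" ]; then
        echo "digest mismatch for $jse_tarball: got $jse_actual" >&2
        return 2
    fi

    # 2. Archive hygiene: list members first and refuse suspicious paths.
    #    (Symlink members are not inspected here.)
    if tar -tzf "$jse_tarball" | has_unsafe_member; then
        echo "unsafe member path in $jse_tarball" >&2
        return 3
    fi

    # 3. Unpack only after both checks pass.
    mkdir -p "$jse_dest" && tar -xzf "$jse_tarball" -C "$jse_dest"
}

# Usage, replacing the curl | tar pipeline:
#   curl -fL -o "junest-${ARCH}.tar.gz" "<image URL from the step above>"
#   junest_safe_extract "junest-${ARCH}.tar.gz" "$EXPECTED_SHA256" ~/.junest
```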
You can build a new JuNest image from scratch by running the following command:
junest -b [-n]
The script will create a directory containing all the essential files needed to make JuNest work properly (such as pacman, yogurt and proot). The option -n skips the final validation tests if they are not needed. Remember that the script to build the image must run on an Arch Linux OS with arch-install-scripts, package-query, git and the base-devel packages installed. To change the build directory, set the JUNEST_TEMPDIR variable (by default /tmp).
After creating the image junest-x86_64.tar.gz you can install it by running:
junest -i junest-x86_64.tar.gz
For more details, you can also take a look at junest-builder that contains the script and systemd service used for the automatic building of the JuNest image.
Related wiki page:
The following command will download the ARM JuNest image and will run QEMU in case the host OS runs on either x86_64 or x86 architectures:
$> JUNEST_HOME=~/.junest-arm junest -a arm -- uname -m
armv7l
To bind a host directory to a guest location, you can use proot arguments:
junest -p "-b /mnt/mydata:/home/user/mydata"
Check out the proot options with:
junest -p "--help"
Although JuNest has not been designed to be a complete container, it is even possible to virtualize the process tree thanks to the systemd container. The JuNest container lets you run services inside the container that can be visible from the host OS through the network. The drawbacks are that the host OS must use systemd as a service manager, and the container can only be executed using root privileges.
To boot a JuNest container:
sudo systemd-nspawn -bD ~/.junest
Related wiki page:
There are two main chroot jails used in JuNest. The main one is proot, which allows unprivileged users to execute programs inside a sandbox. The other is jchroot, a small and portable version of arch-chroot, which is an enhanced chroot for privileged users that mounts the primary directories (i.e. /proc, /sys, /dev and /run) before executing any programs inside the sandbox.
If jchroot fails for some reason on the host system (i.e. it is not able to mount one of the directories), JuNest automatically tries to fall back to the classic chroot.
JuNest first attempts to run the executables located in different places in the host OS (/usr/bin, /bin, /usr/sbin and /sbin). As a fallback, it tries to run the same executable if it is available in the JuNest image.
The JuNest images are built every week so that you can always get the most updated package versions.
There are static QEMU binaries included in the JuNest image that allow JuNest to run on a different architecture from the host system. They are located in the /opt/qemu directory.
Q: Why do I get the following error when I try to install a package with yogurt?
Cannot find the gzip binary required for compressing man and info pages.
A: JuNest comes with a very basic set of packages. In order to install packages using yogurt you may need to install the package group base-devel, which contains all the essential packages for compiling source code (such as gcc, make, patch, etc):
#> pacman -S base-devel
Q: Why can't I install packages?
#> pacman -S lsof
Packages (1): lsof-4.88-2
Total Download Size: 0.09 MiB
Total Installed Size: 0.21 MiB
error: no servers configured for repository: core
error: no servers configured for repository: community
error: failed to commit transaction (no servers configured for repository)
Errors occurred, no packages were upgraded.
A: You simply need to update the mirrorlist file according to your location:
# Uncomment the repository line according to your location
#> nano /etc/pacman.d/mirrorlist
#> pacman -Syy
Q: How do I find which package a certain file belongs to?
A: JuNest is a really small distro, therefore you frequently need to find the package name for a certain file. pkgfile is an extremely useful package that allows you to detect the package of a given file. For instance, if you want to find the package name for the command getopt:
#> pacman -S pkgfile
#> pkgfile --update
$> pkgfile getopt
core/util-linux
Q: Why do I get the error: "FATAL: kernel too old"?
A: This is because the executable from the precompiled package cannot properly run if the kernel is old. You may need to specify the PRoot -k option if the guest rootfs requires a newer kernel version:
$> junest -p "-k 3.10"
To check whether an executable inside the JuNest environment is compatible with the kernel of the host OS, use the file command, for instance:
$> file ~/.junest/usr/bin/bash
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked
(uses shared libs), for GNU/Linux 2.6.32,
BuildID[sha1]=ec37e49e7188ff4030052783e61b859113e18ca6, stripped
From the output you can see the minimum recommended Linux kernel version.
Q: Why don't I have permissions for ping?
$> ping www.google.com
ping: icmp open socket: Operation not permitted
A: The ping command uses suid permissions, which allow the command to execute with root privileges. The fakeroot mode is not able to execute a command set with suid, so you may need to use root privileges. A few other commands have suid permissions; you can list them from your JuNest environment with the following command:
$> find /usr/bin -perm -4000
Q: Why don't I see any characters in the application I have installed?
A: This is probably because there are no fonts installed in the system.
As a quick fix, you can just install a fonts package:
#> pacman -S gnu-free-fonts
Q: Why do I get a warning when I install a package using root privileges?
#> pacman -S systat
...
warning: directory ownership differs on /usr/
filesystem: 1000:100 package: 0:0
...
A: In these cases the package installation went smoothly anyway. This should happen every time you install a package with root privileges, since JuNest tries to preserve the JuNest environment by assigning ownership of the files to the real user.
There are additional tutorials in the JuNest wiki page.
You could help improve JuNest in the following ways:
Filippo Squillace feel.sqoox@gmail.com