I bootstrapped an arch x86_64 rootfs on arch linux arm vm with qemu-x86_64 binfmt registered and copied static qemu-x86_64 to the same path in the chroot:

[root@archlinux ~]# cat /proc/sys/fs/binfmt_misc/qemu-x86_64
enabled
interpreter /usr/bin/qemu-x86_64
flags: PF
offset 0
magic 7f454c4602010100000000000000000002003e00

[root@archlinux ~]# file rfs/usr/bin/qemu-x86_64 
rfs/usr/bin/qemu-x86_64: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), static-pie linked, BuildID[sha1]=1640ccd48aea1547a7b9d5a265cd35cfd9367cbd, for GNU/Linux 3.7.0, with debug_info, not stripped

It threw errors like:

:: Running post-transaction hooks...
( 1/11) Creating system user accounts...
call to execv failed (No such file or directory)
error: command failed to execute correctly

I tried to use

rfs qemu-x86_64 /usr/bin/bash

, the shell seems launch correctly, but any command I type did not work:

[root@archlinux ~]# chroot rfs qemu-x86_64 /usr/bin/bash
ls
/usr/bin/bash: line 1: /usr/bin/ls: cannot execute: required file not found
env
/usr/bin/bash: line 2: /usr/bin/env: cannot execute: required file not found
exit

But running command directly works:

[root@archlinux ~]# chroot rfs qemu-x86_64 /usr/bin/ls
bin
boot
dev
etc
home
lib
lib64
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

Why and how to fix it?

I'm trying to proot absolutely minimal environment in Ubuntu (as an initial step for further activities), but I can't solve following error:

proot warning: can't chdir("/home/user/Downloads/Proot/./.") in the guest rootfs: No such file or directory
proot info: default working directory is now "/"
proot error: execve("/bin/sh"): No such file or directory
proot info: possible causes:
  * the program is a script but its interpreter (eg. /bin/sh) was not found;
  * the program is an ELF but its interpreter (eg. ld-linux.so) was not found;
  * the program is a foreign binary but qemu was not specified;
  * qemu does not work correctly (if specified);
  * the loader was not found or doesn't work.
fatal error: see proot --help.

Proot root directory is initialized using following commands:

mkdir -p ./001_busybox/{bin,etc,lib,proc,sys,tmp,dev}
cp /bin/busybox ./001_busybox/bin
cd ./001_busybox/bin
./busybox --install -s .

cd ../lib
mkdir ./x86_64-linux-gnu
cp /lib/x86_64-linux-gnu/libc.so.6 ./x86_64-linux-gnu/

cp /lib/ld-linux.so.2 .

Then I try to proot using commands:

export PROOT_NO_SECCOMP=1
unset LD_PRELOAD
proot -0 -b /dev -b /proc -b /sys -r ./001_busybox /bin/sh

I've tried many combinations found in Google (including using / not using PROOT_NO_SECCOMP and LD_PRELOAD variables - e.g. PROOT_NO_SECCOMP should be just a workaround for kernel bug on obsolete 32-bit platforms, it's probably not needed more), but without any success. Problem is, that on another PC with 32-bit Ubuntu exactly the same steps work perfectly fine, just directory i386-linux-gnu is used instead of x86_64-linux-gnu. So I can't understand why it works on 32-bit platform, but not on 64-bit Ubuntu. Issue is probably not caused by Busybox which I try to start since strace reports it can't change directory (= one step before executing the shell):

execve("/usr/bin/proot", ["proot", "-0", "-r", "./001_busybox", "/bin/sh"], 0x7ffd018c6300 /* 64 vars */) = 0
brk(NULL)                               = 0x55d7d7a0b000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffe786a9c00) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=143139, ...}) = 0
mmap(NULL, 143139, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fefe1fa8000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtalloc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 4\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=67664, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefe1fa6000
mmap(NULL, 69712, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fefe1f94000
mmap(0x7fefe1f97000, 40960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fefe1f97000
mmap(0x7fefe1fa1000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fefe1fa1000
mmap(0x7fefe1fa4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7fefe1fa4000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300A\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0W\222s/x1X\306o\264\363udX\312$"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2029592, ...}) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0W\222s/x1X\306o\264\363udX\312$"..., 68, 880) = 68
mmap(NULL, 2037344, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fefe1da2000
mmap(0x7fefe1dc4000, 1540096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7fefe1dc4000
mmap(0x7fefe1f3c000, 319488, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19a000) = 0x7fefe1f3c000
mmap(0x7fefe1f8a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7fefe1f8a000
mmap(0x7fefe1f90000, 13920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fefe1f90000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefe1d9f000
arch_prctl(ARCH_SET_FS, 0x7fefe1d9f740) = 0
mprotect(0x7fefe1f8a000, 16384, PROT_READ) = 0
mprotect(0x7fefe1fa4000, 4096, PROT_READ) = 0
mprotect(0x55d7d6579000, 8192, PROT_READ) = 0
mprotect(0x7fefe1ff8000, 4096, PROT_READ) = 0
munmap(0x7fefe1fa8000, 143139)          = 0
brk(NULL)                               = 0x55d7d7a0b000
brk(0x55d7d7a2c000)                     = 0x55d7d7a2c000
getpid()                                = 3537
getcwd("/home/user/Downloads/Proot", 4096) = 27
lstat("/home/user/Downloads/Proot/001_busybox", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
getcwd("/home/user/Downloads/Proot", 4096) = 27
stat("/home/user/Downloads/Proot/001_busybox/home", 0x7ffe786a5850) = -1 ENOENT (No such file or directory)
lstat("/home/user/Downloads/Proot/001_busybox/home", 0x7ffe786a5970) = -1 ENOENT (No such file or directory)
write(2, "proot warning: ", 15proot warning: )         = 15
write(2, "can't chdir(\"/home/user/Download"..., 92can't chdir("/home/user/Downloads/Proot/./.") in the guest rootfs: No such file or directory) = 92
write(2, "\n", 1

Why proot (only 64-bit, but not on another 32-bit PC where everything works fine) is trying to change dir to the /home to start shell after it's prooted? Shell is specified in /bin/sh, not relatively to current directory: proot -0 -b /dev -b /proc -b /sys -r ./001_busybox /bin/sh

How to use Jailkit Jail Manager in Virtualmin (Webmin 1.892) to restrict users in their homes including virtual website and all services running under user? I am setting up small website hosting service and I must disable access to everything except user's home. I dont want to use FTP or FTPS! User's will have full SSH access to their system and they will be able to run for example NodeJS scripts, Teamspeak, etc... Is it possible? If yes, is it possible in Virtualmin or it needs more and deeper setup. EDIT: I am using Debian 9

Are there any better alternative to chroot environment? I'm thinking about running nginx on a jailed environment. BTW, I'm on OpenVZ VPS, so modifying the Kernel is a no-no. (I think that prevents me from installing SELinux, AppArmor, etc.)

I have two users and one shared folder in my Ubuntu server: 1. User writer, which has write access to /var/shared. It's an application regularly making file changes in this folder from remote, with an SSH key. 2. User reader is used by multiple clients with an SSH key, a key they can get without my permission, that's why I need to restrict commands available in this shell. ### Question: I need to restrict commands accessible for the reader user so it can use only sftp and rsync protocols (no standard commands like mkdir, ls, top, ...).  Only directory /var/shared must be readable, and must be a root path, e.g., no need to cd into it, it's already / in sftp or rsync. **How do I write a shell script so I can apply it with usermod -s for user reader that will give such behavior?** I cannot find any samples. How do I make writer also remain "jailed" to /var/share, so paths are same? ### Notes: 1. I have tried sshd_config's Match, ForceCommand internal-sftp and ChrootDirectory directives already. This requires the ChrootDirectory to be owned by root and non-writable (755 or less), and does not support rsync. 2. I have tried rssh, but it simply doesn't work for directories outside the home directory for the logged in user. So I couldn't chroot users to the same directory with different permissions. 3. I tried to use command=".." ssh-rsa.... in the authorized_keys file, but didn't get how can I enable behavior which I need, I only check rrsync script from rsync's docs. This method has no chroot feature I need. ### Can I have a sample at least for such shells? Is this achievable with scripts? Bash and C++ (if needed) are welcome. Output of ldd /bin/bash: linux-vdso.so.1 => (0x00007fff7e9d1000) libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f79dfd8b000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f79dfb87000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f79df7bd000) /lib64/ld-linux-x86-64.so.2 (0x000055bd0767c000)

I'm trying to utilize some of the systemd helpers to [chroot(2)](http://man7.org/linux/man-pages/man2/chroot.2.html) the process using RootDirectory=. It's a rudimentary Python script that lives under /srv/http that hosts a web server. It has a shebang #!/usr/bin/python *(and I've also tried different combinations)* The service file is also quite simple:

[Unit]
Wants=network-online.target
After=network-online.target

AssertPathExists=/srv/http

[Service]
Type=simple
Restart=always
RestartSec=10

RootDirectory=/srv/http
PrivateTmp=true

ExecStart=/server.py
PIDFile=/run/miniweb.pid

[Install]
WantedBy=multi-user.target

The log clearly says it can't find the executable:

Mar 11 19:23:49 bigrigv2 systemd: testweb.service: Failed to execute /server.py: No such file or directory
Mar 11 19:23:49 bigrigv2 systemd: testweb.service: Failed at step EXEC spawning /server.py: No such file or directory

It's marked as executable:

-rwxr-xr-x 1 anton anton  650 Mar 11 19:06 server.py

I also tried ExecStart=/bin/python /srv/http/server.py and other variations. I'm not entirely sure I even understand the concept of RootDirectory and how to properly execute for instance Python or other binaries from a chrooted service script. My assumption is that before executing the service, it chroot:s in to /srv/http after which the service won't be able to back out and execute Python in this case. Which would make sense, but then I don't quite get why /server.py isn't found. And how would you execute things that are dependent on other binaries? Most solutions mention utilizing the language (C for instance) chroot and control it from the application, but then I don't understand the point of offering chroot in the service script for other things than very limited bash scripts or standalone binaries. Probably an extremely easy problem, but I'm quite lost and any help would be appreciated!

Im currently Porting Arch Linux to My phone and I am trying to set up the rootfs properly - have it installed to an external scdard and am using busybox to chroot into it with busybox chroot /data/ local/mnt sh I can see pacman exists when I search for it: /usr/bin # type -a pacman returns /sbin/pacman but whenever I try to install the base system with: pacman -S base-devel 1lightdm xorg-xinit xfce4 networkmanager --needed I get sh: pacman: not found

I'm working on a RH 7.3 with some issues on the partitions so It doesn't boot properly and goes in emergency mode. I booted the machine from an RH 7.3 iso and I need to extract an sosreport in Rescue mode but I have the following errors: chroot /mnt/sysimage chroot: failed to run command '/bin/sh': No such file or directory So I use the following command as in the page https://access.redhat.com/solutions/43133 : ln -s bash /mnt/sysimage/bin/sh but I'm getting the error message: ln: failed to create symbolic link /mnt/sysimage/bin/sh: No such file or directory Could you help me please?

Let's say one has only remote access (SSH) to an embedded Linux device and the goal is to upgrade the OS to a new version. The device has only one partition, but there's easily more than 50% unused space and the device has about 256 MB of RAM to work with. How would one go about doing that? I'm thinking the solution would probably involve tempfs and pivot_root. Here's my vague idea for how to do this: 1. upload new rootfs structure to a directory on the device 2. mount a tempfs in RAM and copy over required system resources to keep the system running while the rootfs is being worked on 3. change root to the tempfs using pivot_root or chroot or both, not quite sure 4. copy the rootfs structure from the uploaded directory to replace the old 5. reboot to the new version of the OS Now, I'm thinking this sounds too simple to actually work. Can you please poke holes in my plan and tell me what I missed or better yet give me pointers to how to do it right? Does anybody have experience in doing something like this?

I have debian stretch installed in arm64 android phone in chrooted environment. I have installed docker-ce following these steps from here . On starting docker :: systemctl start docker returns this error :: Running in chroot, ignoring request. Checking using service docker status shows [FAIL] Docker is not running ... failed! How can I run it inside chroot on my android phone ?

First of all, I have inside an android Operating System a chroot environment created using Linux Deploy. I am able to access it from Android using a terminal emulator and root permission. I would like to run a script inside it. However, when trying to run the script, or even normal shell commands, it doesn't executes and returns this error: "No such file or directory" So, I am wondering, is it there a way to execute, from the host within a chroot environment, commands/scripts? Has the problem to do with the proper setting of the environment PATH variable? I am able to execute ls command within the chroot environment but when printing with the -la argument it doesn't even show the . and .. directories. Could someone explain why is this happening and how could we overcome this issue? P.D.: I've posted this issue in unix/linux stack exchange because I thought it concerns more to it. However, if you recommend me to also post it in stackoverflow or any other, I am open to do so.

I've been trying the "Developer console" in ChromeOS( dev mode), which is entered by Ctrl+Alt+Forward but when switching the keyboard layout with loadkeys cz I got an error saying Couldn't get a file descriptor referring to the console. + I get the same when chroot is entered from crosh, but in that case the layout set in ChromeOS is used, which is fine. I can see that the keyboard code is correct with ls /usr/share/X11/xkb/symbols/ In addition I've found the response of loadkeysis the same in Crosh , only there is the language/layout inherited from the system setup. Is there any other way to set the keyboard mapping/layout in shell?

Everything I am reading says that for chroot to work with sftp root has to own the folder. I want to make it so a user can only sftp to a sub-directory in their home folder like /home/user/some/folder. Obviously ro

I'm struggling to find a solution regarding this problem : My goal is to set up a sftp server on a Debian 12, there will be several directories corresponding to each departement of my firm, every member of each departement should be able to acces their corresponding directory. I've tried many solutions but i'm struggling with one point : when ever i'm using chroot i cannot retrieve log beside the connection ones. i tried something like :

Subsystem sftp internal-sftp -f LOCAL7 -l VERBOSE

Match Group sftpusers
ChrootDirectory /var/sftp
ForceCommand internal-sftp
PasswordAuthentication yes
PermitTunnel no
AllowTcpForwarding no
X11Forwarding no

I've another concern, it's seems that my chroot directories is not reachable unless it's set up like this :

chown root:sftpusers /var/ftp
chmod 750 /var/ftp

if i try chmod 770 /var/ftp , i cannt connect to my server. If anybody as a clue regarding this matter it will be a great help. Maybe i'm doing things wrong, and my choices are not the good ones, i'm open to every suggestion to solve this. Thank you

After much Googling and troubleshooting I've given up. I've got Debian 12 running on an old HP Micro 8. LVM is configured: sda 8:0 0 1.8T 0 disk `-sda1 8:1 0 1.8T 0 part `-md127 9:127 0 1.8T 0 raid1 |-md127p1 259:0 0 1.8T 0 part | `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / |-md127p2 259:1 0 1K 0 part `-md127p5 259:2 0 976.9M 0 part `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / sdb 8:16 0 2.7T 0 disk `-sdb1 8:17 0 2.7T 0 part `-md126 9:126 0 2.7T 0 raid1 `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / sdc 8:32 0 2.7T 0 disk `-sdc1 8:33 0 2.7T 0 part `-md126 9:126 0 2.7T 0 raid1 `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / sdd (Debian live USB) 8:48 1 239G 0 disk `-sdd1 8:49 1 239G 0 part sde 8:64 0 1.8T 0 disk `-sde1 8:65 0 1.8T 0 part `-md127 9:127 0 1.8T 0 raid1 |-md127p1 259:0 0 1.8T 0 part | `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / |-md127p2 259:1 0 1K 0 part `-md127p5 259:2 0 976.9M 0 part `-VolumeGroup1-Volume1 253:0 0 4.5T 0 lvm / On boot using the 6.1.0-31-amd64 kernel, I'm getting the error

Kernel Panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)

. I've typically fixed this in the past by running

update-initramfs -u -k 6.1.0-31-amd64

. This command produces the error

Error: unknown LVM metadata header

, grub-update is the same and grub does not get updated. Booting to a different kernel e.g. 6.1.0-21-amd64 gets me further, but then I'm booted into a read only file system. I can't find the systemd errors because

journalctl -xb

can't find the last boot. I've chrooted from a Debian live usb, mounted my LVM, sys, proc, dev, pts. I've tried uninstalling and reinstalling different kernels with no luck. I've reinstalled grub-efi with no luck either. Grub-install also produces the LVM metadata error. On this,

/boot/efi

is empty. I can't seem to figure out why. Can anyone shed any light on what I can try next? Where can I look to fix the LVM metadata header error? Please let me know if any further info is required and I'll update the question. # edit 1 - ls -lah /boot (comment request)

root@debian:/# ls -lah /boot
total 50M
drwxr-xr-x 4  root root 4.0K Mar 7 22:43 .
drwxr-xr-x 20 root root 4.0K Mar 7 22:54 ..
-rw-r--r-- 1  root root   83 May 3 2024 System.map-6.1.0-21-amd64
-rw-r--r-- 1  root root 254K May 3 2024 config-6.1.0-21-amd64
drwxr-xr-x 2  root root 4.0K Mar 7 21:54 efi
drwxr-xr-x 5  root root 4.0K Mar 7 22:42 grub
-rw-r--r-- 1  root root  42M Mar 7 22:43 initrd.img-6.1.0-21-amd64
-rw-r--r-- 1  root root 7.8M May 3 2024 vmlinuz-6.1.0-21-amd64

Per the title, I upgraded my desktop from Fedora 38->40. That part was successful. I was going to upgrade to Fedora 41, but new dependency errors appeared that seemed tied to sagemath, which I had removed in Fedora 38, before upgrading. So, I did a remove-retired-packages to see if this would clear up the message. Except the system came to Zlib, which would affect sudo, and I shouldn't remove it. Since this was all driven by KiCAD and ngspice not talking under Fedora 38, I decided to see if they were working now. While KiCAD simulator could run ngspice now, ngspice refused to work because a needed library from Fedora 38 was missing? I started a new CLI and attempted to run ngspice manually, but I got the same result. Strange. Then I started getting the error that bash needed glibc_2.38. I'm like, why? I tried to shut down, but that option was missing from the menu. Shutdown from the CLI failed because gblibc_2.38 was missing. So I killed the system only to have the boot loader fail. No reason given, and I can't start a previous version because of an MB issue with USB keyboards, arrows only hit 1st and last options in Grub? Another issue for another day. I started the live CD and followed my notes to recover an OS from a previous issue concerning a BTRFS file system that burped on me. I reached the point where I do chroot /mnt, which said it can't find glibc_2.38. So, how do I fix this problem? I wish Fedora could restamp their OS and config files into the existing system without requiring me to wipe and reload. I don't want to lose all the configuration settings I've put on this drive and the time needed to reload everything.

I want to test the [pivot_root](http://man7.org/linux/man-pages/man8/pivot_root.8.html) command which moves the root file system of the current process to the directory put_old and makes new_root the new root file system. *But I always get the following error:* pivot_root: failed to change root from .' toold-root/': Invalid argument I use fedora as base root, I have a Archlinux in my home folder [root@localhost arch-root]# ls bin boot dev etc home lib lib64 mnt old-root opt proc root run sbin srv sys tmp usr var [root@localhost arch-root]# pivot_root . old-root/ pivot_root: failed to change root from .' toold-root/': Invalid argument I also try to call linux function pivot_root("/chroot_test", "/chroot_test/old-root"); Got same error. Any ideas about this ? ### Update #1 I also try to test pivot_root in Docker. I mount this arch-root in to Docker container. But get the following error: Operation not permitted root@00d871ce892b:/# cd test_root/ root@00d871ce892b:/test_root# ls bin boot dev etc home lib lib64 mnt old-root opt proc root run sbin srv sys test_pivot_root test_pivot_root.c tmp usr var root@00d871ce892b:/test_root# pivot_root . tmp/ pivot_root: Operation not permitted

currently, the user connects via SFTP to the server and is placed in the files folder. Is there a way to prevent them from exiting the files folder? sshd config for the user sftp: Match User sftp ForceCommand internal-sftp -d /files/ PasswordAuthentication no PubkeyAuthentication yes ChrootDirectory /home/sftp/uploads/ PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no I know that ForceCommand internal-sftp has additional options — -P to allow, and -p to deny. However, combining them with the result I want has not worked. The closest I’ve gotten is "ForceCommand internal-sftp -d /files/ -P stat", but when I deny stat, the user can no longer download files. Here is the full list of keys: open, close, read, write, lstat, fstat, setstat, fsetstat, opendir, readdir, remove, mkdir, rmdir, realpath, rename, readlink, symlink, posix-rename, statvfs, fstatvfs, hardlink, fsync, lsetstat. Has anyone faced a similar issue before? How did you solve it?

I am quite new to Linux. I have spent hours searching through forums for the answer. I'm using Arch Linux and am unable to update the system now as I keep getting an error telling me that Mesa-libgl and nvidia-libgl are in conflict. I attempted to fix this with sudo pacman -S nvidia nvidia-libgl. When I rebooted I just got a black screen that had some info and it would just hang there and never load GNOME. I just want to re-install mesa and mesa-libgl. I chroot in from GRUB and it puts me as root@(none). pacman -S mesa mesa-libgl just gives me could not resolve host on all my mirrors.

I am working on an embedded Linux system (kernel-5.10.24), and busybox as init. I created 2 rootfs partitions in system, I want to use pivot_root and chroot to change rootfs between them. When the system firstly bootup, the mount showed.

# mount
ubi0:rootfs on / type ubifs (rw,relatime,assert=read-only,ubi=0,vol=0)
devtmpfs on /dev type devtmpfs (rw,relatime,size=42008k,nr_inodes=10502,mode=755)
proc on /proc type proc (rw,relatime)
tmpfs on /tmp type tmpfs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
sysfs on /sys type sysfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,relatime)

Now, I mounted 2nd rootfs into /mnt, then I run pivot_root and chroot.

# mount -t ubifs /dev/ubi1_0 /mnt/
# cd /mnt
# pivot_root . oldroot
# chroot . sh
# umount /oldroot
umount: can't unmount /oldroot: Device or resource busy

I mount proc after pivot_root and chroot, and mount showed.

# mount -t proc proc /proc
# mount
ubi0:rootfs on /oldroot type ubifs (rw,relatime,assert=read-only,ubi=0,vol=0)
devtmpfs on /oldroot/dev type devtmpfs (rw,relatime,size=42008k,nr_inodes=10502,mode=755)
proc on /oldroot/proc type proc (rw,relatime)
tmpfs on /oldroot/tmp type tmpfs (rw,relatime)
tmpfs on /oldroot/run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
sysfs on /oldroot/sys type sysfs (rw,relatime)
devpts on /oldroot/dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
tmpfs on /oldroot/dev/shm type tmpfs (rw,relatime)
/dev/ubi1_0 on / type ubifs (rw,relatime,assert=read-only,ubi=1,vol=0)
proc on /proc type proc (rw,relatime)

I checked the comments and answer of https://unix.stackexchange.com/questions/306406/unable-to-umount-after-pivot-root and tried the script, but I still failed with the same error. What should I do to umount /oldroot after pivot_root and chroot? ## Updated. I found umount -l /oldroot can umount the oldroot. But how can I relaunch the init in the new_root and go through the /etc/inittab??