Change root: Difference between revisions

From NixOS Wiki
imported>Nh2
Show manual chroot
imported>Deepfire
Added `--option sandbox false` to the `nixos-enter` section.
Line 11: Line 11:
<syntaxHighlight lang=console>
<syntaxHighlight lang=console>
$ nixos-enter
$ nixos-enter
</syntaxHighlight>
Note, that when using <code>nixos-rebuild</code> inside the environment provided by <code>nixos-enter</code>, you have to give <code>nixos-rebuild</code> subcommands the <code>--option sandbox false</code> option, otherwise derivation builds will fail with the following error:
<syntaxHighlight lang=console>
error: cloning builder process: Operation not permitted
error: unable to start build process
</syntaxHighlight>
</syntaxHighlight>



Revision as of 12:47, 16 May 2021

Chroot is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.

Using nixos-enter

nixos-enter allows to access a NixOS installation from a NixOS rescue system.

The nixos-enter program is part of NixOS. Before it runs provides a shell, the script mounts api filesystems like /proc and setups the profile and /etc of the target system. To use it, setup /mnt as described in the installation manual.

Then run nixos-enter:

$ nixos-enter

Note, that when using nixos-rebuild inside the environment provided by nixos-enter, you have to give nixos-rebuild subcommands the --option sandbox false option, otherwise derivation builds will fail with the following error:

error: cloning builder process: Operation not permitted
error: unable to start build process

Manual chroot

If a NixOS rescue system is not available, the chroot can be done manually from another Linux distribution.

Mount the file system containing the NixOS to chroot into at /mnt, using e.g.:

mount /dev/relevantPartitionNameHere /mnt

.

Mount the host system's Linux run-time api file systems inside the mount, then populate /run using the activate script and chroot inside, starting a bash shell (adapted from here; you may copy all these lines into your terminal as one block to run them):

mount -o bind /dev /mnt/dev
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
chroot /mnt /nix/var/nix/profiles/system/activate
chroot /mnt /run/current-system/sw/bin/bash

You should now be in your NixOS system, and should be able to adjust it by e.g. editing /etc/nixos/configuration.nix and running nixos-rebuild switch as usual. Remember that you may have to establish Internet access the chroot for some commands.