OSX and chroot unable to find /bin/bash

I am trying to get chroot to work on my MacBook. I set up the jail dir to contain all the requirements for /bin/sh and /bin/bash (recursively called /usr/bin/otool)

# ls /var/chroot/*/*
/var/chroot/bin/bash    /var/chroot/bin/sh

/var/chroot/usr/lib:
libDiagnosticMessagesClient.dylib       libauto.dylib
libc++abi.dylib                         libobjc.A.dylib
libSystem.B.dylib                       libc++.1.dylib
libncurses.5.4.dylib                    system

When I try to use chroot on /var/chroot, it keeps saying it can't find /bin/bash

# chroot /var/chroot/
chroot: /bin/sh: No such file or directory
$ sudo chroot /var/chroot/
chroot: /bin/bash: No such file or directory

Any idea what's causing chroot not to work on my Mac?

OSX version 10.8.4

Edit: On CentOS, when I run ldd /bin/bash, I get all the libs needed. If I don't copy them all over, it says /bin/bash: No such file or directory. So I assume that this means that on mac I am missing libs; just not sure which.

ekaqu asked Oct 09 '13 03:10


1 Answer

You need to copy /usr/lib/dyld to your chroot jail to get the dynamic linker. If that is not present, then attempting to execute anything in the chroot jail will fail without any error other than Killed: 9. Once you get /usr/lib/dyld copied over, then if you are missing any further libraries you will get an error, e.g.:

dyld: Library not loaded: /usr/lib/libncurses.5.4.dylib
  Referenced from: /bin/bash
  Reason: image not found

From your list of files I see you don't have /usr/lib/dyld, so I think it is very likely this is your problem. I'm not sure why you are getting No such file or directory instead of Killed: 9 for this issue; possibly that is an OS version difference - I am testing on Mac OS X 10.10.5, you are (or were) testing with Mac OS X 10.8.4.

hwatkins' answer of course works since it copies both /usr/lib/dyld and every required dylib to run /bin/bash to the jail. However, when setting up a jail, I prefer to only copy the bare minimum to get it to work. Once you've copied dyld and bash, you can follow the error messages to get the paths to all the other libraries you need. (A bit laborious, but it is a guaranteed minimum.)

The method of recursively calling otool -L also works for *.dylib files, but it won't tell you about /usr/lib/dyld. This is because -L prints shared libraries used, but /usr/lib/dyld is not exactly a shared library. If you run otool -l on an executable library, you'll see the -L output matches the load command LC_LOAD_DYLIB (and a few variants such as LC_REEXPORT_DYLIB), whereas the reference to dyld is in LC_LOAD_DYLINKER, which is not output by -L.

Simon Kissane answered Sep 25 '22 03:09
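Added example (not part of the original answer): a Python parser that walks the load commands of a thin 64-bit little-endian Mach-O image and returns the LC_LOAD_DYLINKER path alongside the dylib paths, so the file list for a jail includes /usr/lib/dyld. The function names and the sample image are constructed for illustration; universal (fat) binaries are assumed to have been thinned first.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit little-endian Mach-O
LC_LOAD_DYLINKER = 0xE          # names the dynamic linker, not shown by otool -L
DYLIB_CMDS = {0xC,              # LC_LOAD_DYLIB
              0x80000018,       # LC_LOAD_WEAK_DYLIB
              0x8000001F}       # LC_REEXPORT_DYLIB

def jail_dependencies(image: bytes):
    """Return (dylinker_path, [dylib paths]) named by the load commands."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O image")
    dylinker, dylibs, off, end = None, [], 32, 32 + sizeofcmds
    if end > len(image):
        raise ValueError("load commands extend past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command")
        if cmd == LC_LOAD_DYLINKER or cmd in DYLIB_CMDS:
            # In both structures the name offset (lc_str) follows cmd/cmdsize.
            (name_off,) = struct.unpack_from("<I", image, off + 8)
            if not 12 <= name_off < cmdsize:
                raise ValueError("name offset outside load command")
            path = image[off + name_off:off + cmdsize].split(b"\0", 1)[0].decode()
            if cmd == LC_LOAD_DYLINKER:
                dylinker = path
            else:
                dylibs.append(path)
        off += cmdsize
    return dylinker, dylibs

def _cmd(cmd, name_off, path):
    # Constructed load command: cmd, cmdsize, name offset, zero fill, NUL-padded path.
    body = path.encode() + b"\0"
    size = (name_off + len(body) + 7) & ~7
    head = struct.pack("<3I", cmd, size, name_off).ljust(name_off, b"\0")
    return head + body.ljust(size - name_off, b"\0")

def sample_image():
    # Constructed header plus three load commands; not a real /bin/bash.
    cmds = (_cmd(0xE, 12, "/usr/lib/dyld")
            + _cmd(0xC, 24, "/usr/lib/libncurses.5.4.dylib")
            + _cmd(0xC, 24, "/usr/lib/libSystem.B.dylib"))
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 3, len(cmds), 0, 0)
    return header + cmds
```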