Ask Your Question

Is there a way to safely chroot into a Fedora system and perform package management?

asked 2017-12-18 09:25:19 -0500

updated 2017-12-18 09:33:54 -0500

I would like to chroot into my Fedora 27 system and perform some package management tasks namely installing the grub2-efi package with DNF so I can re-installed my GRUB2 bootloader for F27. The reason I need to do that is that I installed a second Fedora 27 system on the same hard disk and its bootloader overwrote my previous installation's. Unfortunately as my Fedora root partition is formatted as Btrfs for some reason the GRUB bootloader of my other distributions I have installed, including my second Fedora 27 installation, do not make boot entries for this old F27 installation and yes os-prober is installed on them and I have run grub-mkconfig -o /boot/grub/grub.cfg (or their equivalent e.g. grub2-mkconfig -o /boot/grub2/grub.cfg I know is what is done on Fedora) on them since I made this old Fedora installation. Now the reason for this question is not that I do not know how to chroot into a Linux system in general, but because whenever I do so with Fedora and then do package management within the chroot I end up with several systemd services failing on me on boot and the system refusing to finish booting. To be clear I would like to avoid this unpleasant result.

Here is my chroot procedure so you can scrutinize it (after I've mounted the required partitions, say the root partition is mounted at /mnt for the sake of the commands shown below):

mount -t proc /proc /mnt/proc
mount --rbind /dev /mnt/dev
mount --make-rslave /mnt/dev
mount --rbind /sys /mnt/sys
mount --make-rslave /mnt/sys
cp -L /etc/resolv.conf /mnt/etc
chroot /mnt /bin/bash
edit retag flag offensive close merge delete


Your system is running with UEFI firmware, right? Then, your grub-mkconfig command is supposed to be grub-mkconfig -o boot/efi/EFI/fedora/grub.cfg.

florian gravatar imageflorian ( 2017-12-18 11:23:49 -0500 )edit

Might be a bad habit I picked up from Arch as /boot/efi/EFI/arch only has grubx64.efi in it. Thanks, makes no difference though in this case. The bootloaders on other systems all do not even mention Fedora in their grub-mkconfig output, so hence an entry isn't even being created, regardless of the file it's stored in. The second Fedora installation does mention the other Fedora install in its GRUB output but as it was installed AFTER the first it should have written the first install's entry to its config to begin with. Anyway updating its GRUB config this way doesn't fix this problem.

Brenton Horne gravatar imageBrenton Horne ( 2017-12-18 12:29:14 -0500 )edit

3 Answers

Sort by ยป oldest newest most voted

answered 2018-08-29 10:13:06 -0500

bartoc gravatar image

dnf has the --installroot parameter that can be useful for this.

You can also use systemd-nspawn. For example if your system is installed on /dev/sda3 (as the root partition) you can say "systemd-nspawn -b -n -i /dev/sda3"

-b says to start systemd in the container and tell it that it's running in the container.

-n says to enable networking, it creates a network namespace and a veth into the container, it also communicates with systemd-networkd

-i says to boot an image, you can use -D to boot a directory.

Systemd does have some ability to do selinux correctly, but you're still likely to need to relabel (which is massively annoying)

edit flag offensive delete link more

answered 2017-12-18 14:41:47 -0500

ssieb gravatar image

The easiest way to chroot to an existing install is to boot a netinstall image using rescue mode. This will automatically mount all the special filesystems like /dev and /proc for you and it will also fix your booting problem. That is caused by selinux labels not being set properly when you make changes in chroot mode. What the rescue mode does (and what you can do yourself) is run touch /mnt/.autorelabel before you reboot. This will cause the next boot to run a full selinux relabel of the filesystem before starting up which will fix all the modified files to have the correct labels.

edit flag offensive delete link more



I was going to say, "Thanks!" Fortunately I gave it a go before that (ran grub2-install after installing grub2-efi-x64-modules, then ran grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg, then as I noticed there was an update I ran dnf update -y and it updated the kernel from 4.14.5-300 to 4.14.6-300) and now the fedora bootloader does appear as an option but when I click on it I am taken to grub rescue (i.e. the screen with "Minimal BASH-like line editing is supported").

Brenton Horne gravatar imageBrenton Horne ( 2017-12-19 01:08:20 -0500 )edit

Don't run grub2-install on an EFI system. What is the output of rpm -qV grub2-efi-x64? If that shows any modified files (other than grub.cfg) then do dnf reinstall grub2-efi-x64 and run grub2-mkconfig again.

You say that "the fedora bootloader does appear as an option". Where do you see that?

ssieb gravatar imagessieb ( 2017-12-19 01:49:01 -0500 )edit

When I press F9 on boot which gets me into the change boot order option. I'm using to reading rpm -qV output so here it is . Based on it I'd say those files mentioned have been changed. So I'll reinstall.

Brenton Horne gravatar imageBrenton Horne ( 2017-12-19 01:58:34 -0500 )edit

/sbin/grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg gives: /usr/sbin/grub2-probe: error: cannot find a device for / (is /dev mounted?). from the chroot by-the-way. Chroot was prepared with my aforementioned method, and yes I shall run touch /mnt/.autorelabel command before rebooting. ls /dev from the chroot returns: (showing screenshot as it shows the colours for ya).

Brenton Horne gravatar imageBrenton Horne ( 2017-12-19 02:03:28 -0500 )edit

I just did so in the netinstall rescue chroot and everything went fine and dandy except that SELinux relabelling occurred in reboot and took ~10 mins to complete. Not sure whether I should accept this answer 'til you come up with a more complete way to chroot in from another system (not just the netinstall rescue mode).

Brenton Horne gravatar imageBrenton Horne ( 2017-12-19 02:52:56 -0500 )edit

answered 2018-08-29 03:06:19 -0500

genodeftest gravatar image

updated 2018-08-29 03:07:20 -0500

Have a look in the Arch wiki as a starting point.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-12-18 09:25:19 -0500

Seen: 3,096 times

Last updated: Aug 29 '18