As of version 1.7.0, yule is able to chroot itself after startup and initialization, either by using the command line option
        bash$ yule --chroot=/chrootdir
      or by requesting it in the configuration file:
	[Misc] 
	SetChrootDir=path 
      In order to prepare for the chroot jail, the following is required:
| ![[Tip]](stylesheet-images/tip.png) | Tip | 
|---|---|
| In the 
         | 
Compile normally. Make sure you use either 
            dev/random(default
            if existing) or EGD (Entropy Gathering Daemon) for the
            entropy device. If 
            dev/random does not
            exist, the default is the 'standard unix entropy
            gatherer', which uses the output of many system
            commands, and therefore is not suitable within a chroot
            jail.
Install with the command(s):
              bash$ make DESTDIR=/chrootdir install
              bash$ make DESTDIR=/chrootdir install-user
              bash$ make install-boot
            Fix the path to the yule binary in the runlevel start/stop script installed by the last command.
Prepare the chroot environment. Basically, you
            need under 
            
            /chrootdir
(a) an entropy device, either 
            dev/random, 
            dev/urandom, or an
            EGD (Entropy Gathering Daemon) socket,
(b) minimum 
            etc/passwd, 
            etc/group files, at
            least with entries for root and the unprivileged 
            yule user.
            Replace passwords with an asterix, and make sure the
            homedirectory of the unprivileged 
            yule user is
            correct within the chroot jail.
(c) files required for DNS: 
            etc/nsswitch.conf,
            
            etc/hosts, 
            etc/host.conf, 
            etc/resolv.conf, 
            etc/services, 
            
            etc/protocols.
Create a symlink 
            /etc/yulerc to 
            
            /chrootdir/etc/yulerc (no, it will not work
            the other way round).
Because yule chroots after startup, there is no need to copy shared libraries into the chroot jail. They will be loaded upon startup, before the chroot() occurs.
| ![[Tip]](stylesheet-images/tip.png) | Tip | 
|---|---|
| If you are using syslog logging, you need a 
         
           | 
| ![[Tip]](stylesheet-images/tip.png) | Tip | 
|---|---|
| If you are using a GnuPG-signed configuration, you will need a working copy of gpg in the chroot jail. |