diff --git a/rust/agama-lib/share/examples/post-script.jsonnet b/rust/agama-lib/share/examples/post-script.jsonnet
new file mode 100644
index 0000000000..268f2a2026
--- /dev/null
+++ b/rust/agama-lib/share/examples/post-script.jsonnet
@@ -0,0 +1,25 @@
+{
+  user: {
+    fullName: 'Jane Doe',
+    userName: 'jane.doe',
+    password: 'nots3cr3t',
+  },
+  root: {
+    password: 'nots3cr3t',
+  },
+  product: {
+    id: 'Tumbleweed',
+  },
+  scripts: {
+    post: [
+      {
+        name: 'enable-sshd',
+        chroot: true,
+        body: |||
+          #!/bin/bash
+          systemctl enable sshd
+        |||,
+      },
+    ],
+  },
+}
diff --git a/rust/agama-lib/share/profile.schema.json b/rust/agama-lib/share/profile.schema.json
index 7361b48427..ad86c440e2 100644
--- a/rust/agama-lib/share/profile.schema.json
+++ b/rust/agama-lib/share/profile.schema.json
@@ -18,7 +18,7 @@
           "description": "User-defined scripts to run before the installation starts",
           "type": "array",
           "items": {
-            "$ref": "#/$defs/script"
+            "$ref": "#/$defs/preScript"
           }
         },
         "post": {
@@ -26,7 +26,7 @@
           "description": "User-defined scripts to run after the installation finishes",
           "type": "array",
           "items": {
-            "$ref": "#/$defs/script"
+            "$ref": "#/$defs/postScript"
           }
         },
         "init": {
@@ -34,7 +34,7 @@
           "description": "User-defined scripts to run booting the installed system",
           "type": "array",
           "items": {
-            "$ref": "#/$defs/script"
+            "$ref": "#/$defs/initScript"
           }
         }
       }
@@ -1418,8 +1418,57 @@
       "title": "Stripe size",
       "$ref": "#/$defs/sizeValue"
     },
-    "script": {
-      "title": "User-defined installation script",
+    "preScript": {
+      "title": "User-defined installation script that runs before the installation starts",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "description": "Script name, to be used as file name",
+          "type": "string"
+        },
+        "body": {
+          "title": "Script content",
+          "description": "Script content, starting with the shebang",
+          "type": "string"
+        },
+        "url": {
+          "title": "Script URL",
+          "description": "URL to fetch the script from"
+        }
+      },
+      "required": ["name"],
+      "oneOf": [{ "required": ["body"] }, { "required": ["url"] }]
+    },
+    "postScript": {
+      "title": "User-defined installation script that runs after the installation finishes",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "description": "Script name, to be used as file name",
+          "type": "string"
+        },
+        "body": {
+          "title": "Script content",
+          "description": "Script content, starting with the shebang",
+          "type": "string"
+        },
+        "url": {
+          "title": "Script URL",
+          "description": "URL to fetch the script from"
+        },
+        "chroot": {
+          "title": "Whether it should run in the installed system using a chroot environment",
+          "description": "whether to chroot to the target system (default: yes) or not",
+          "type": "boolean"
+        }
+      },
+      "required": ["name"],
+      "oneOf": [{ "required": ["body"] }, { "required": ["url"] }]
+    },
+    "initScript": {
+      "title": "User-defined installation script that runs during the first boot of the target system, once the installation is finished",
       "type": "object",
       "additionalProperties": false,
       "properties": {
diff --git a/rust/agama-lib/src/scripts/client.rs b/rust/agama-lib/src/scripts/client.rs
index f71c82fbac..dfb05ab703 100644
--- a/rust/agama-lib/src/scripts/client.rs
+++ b/rust/agama-lib/src/scripts/client.rs
@@ -35,7 +35,7 @@ impl ScriptsClient {
     /// Adds a script to the given group.
     ///
     /// * `script`: script's definition.
-    pub async fn add_script(&self, script: &Script) -> Result<(), ServiceError> {
+    pub async fn add_script(&self, script: Script) -> Result<(), ServiceError> {
         self.client.post_void("/scripts", &script).await
     }
 
diff --git a/rust/agama-lib/src/scripts/error.rs b/rust/agama-lib/src/scripts/error.rs
index d6dbc3b3b2..575981aeb7 100644
--- a/rust/agama-lib/src/scripts/error.rs
+++ b/rust/agama-lib/src/scripts/error.rs
@@ -29,4 +29,6 @@ pub enum ScriptError {
     Unreachable(#[from] TransferError),
     #[error("I/O error: '{0}'")]
     InputOutputError(#[from] io::Error),
+    #[error("Wrong script type")]
+    WrongScriptType,
 }
diff --git a/rust/agama-lib/src/scripts/model.rs b/rust/agama-lib/src/scripts/model.rs
index 4c6df019f1..0fe8db8320 100644
--- a/rust/agama-lib/src/scripts/model.rs
+++ b/rust/agama-lib/src/scripts/model.rs
@@ -43,6 +43,34 @@ pub enum ScriptsGroup {
     Init,
 }
 
+#[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct BaseScript {
+    pub name: String,
+    #[serde(flatten)]
+    pub source: ScriptSource,
+}
+
+impl BaseScript {
+    fn write<P: AsRef<Path>>(&self, workdir: P) -> Result<(), ScriptError> {
+        let script_path = workdir.as_ref().join(&self.name);
+        std::fs::create_dir_all(&script_path.parent().unwrap())?;
+
+        let mut file = fs::OpenOptions::new()
+            .create(true)
+            .write(true)
+            .truncate(true)
+            .mode(0o500)
+            .open(&script_path)?;
+
+        match &self.source {
+            ScriptSource::Text { body } => write!(file, "{}", &body)?,
+            ScriptSource::Remote { url } => Transfer::get(url, file)?,
+        };
+
+        Ok(())
+    }
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
 #[serde(untagged)]
 pub enum ScriptSource {
@@ -53,54 +81,169 @@ pub enum ScriptSource {
 }
 
 /// Represents a script to run as part of the installation process.
+///
+/// There are different types of scripts that can run at different stages of the installation.
 #[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
-pub struct Script {
-    /// Script's name.
-    pub name: String,
-    #[serde(flatten)]
-    pub source: ScriptSource,
-    /// Script's group
-    pub group: ScriptsGroup,
+#[serde(tag = "type")]
+pub enum Script {
+    Pre(PreScript),
+    Post(PostScript),
+    Init(InitScript),
 }
 
 impl Script {
-    /// Runs the script and returns the output.
-    ///
-    /// * `workdir`: where to write assets (script, logs and exit code).
-    pub async fn run(&self, workdir: &Path) -> Result<(), ScriptError> {
-        let dir = workdir.join(self.group.to_string());
-        let path = dir.join(&self.name);
-        let output = process::Command::new(&path).output()?;
-
-        let stdout_log = dir.join(format!("{}.log", &self.name));
-        fs::write(stdout_log, output.stdout)?;
+    fn base(&self) -> &BaseScript {
+        match self {
+            Script::Pre(inner) => &inner.base,
+            Script::Post(inner) => &inner.base,
+            Script::Init(inner) => &inner.base,
+        }
+    }
 
-        let stderr_log = dir.join(format!("{}.err", &self.name));
-        fs::write(stderr_log, output.stderr)?;
+    /// Returns the name of the script.
+    pub fn name(&self) -> &str {
+        self.base().name.as_str()
+    }
 
-        let status_file = dir.join(format!("{}.out", &self.name));
-        fs::write(status_file, output.status.to_string())?;
+    /// Writes the script to the given work directory.
+    ///
+    /// The name of the script depends on the work directory and the script's group.
+    pub fn write<P: AsRef<Path>>(&self, workdir: P) -> Result<(), ScriptError> {
+        let path = workdir.as_ref().join(&self.group().to_string());
+        self.base().write(&path)
+    }
 
-        Ok(())
+    /// Script's group.
+    ///
+    /// It determines whether the script runs.
+    pub fn group(&self) -> ScriptsGroup {
+        match self {
+            Script::Pre(_) => ScriptsGroup::Pre,
+            Script::Post(_) => ScriptsGroup::Post,
+            Script::Init(_) => ScriptsGroup::Init,
+        }
     }
 
-    /// Writes the script to the file system.
+    /// Runs the script in the given work directory.
     ///
-    /// * `path`: path to write the script to.
-    async fn write<P: AsRef<Path>>(&self, path: P) -> Result<(), ScriptError> {
-        let mut file = fs::OpenOptions::new()
-            .create(true)
-            .write(true)
-            .truncate(true)
-            .mode(0o500)
-            .open(&path)?;
+    /// It saves the logs and the exit status of the execution.
+    ///
+    /// * `workdir`: where to run the script.
+    pub fn run<P: AsRef<Path>>(&self, workdir: P) -> Result<(), ScriptError> {
+        let path = workdir
+            .as_ref()
+            .join(self.group().to_string())
+            .join(self.name());
+        let runner = match self {
+            Script::Pre(inner) => &inner.runner(),
+            Script::Post(inner) => &inner.runner(),
+            Script::Init(inner) => &inner.runner(),
+        };
 
-        match &self.source {
-            ScriptSource::Text { body } => write!(file, "{}", &body)?,
-            ScriptSource::Remote { url } => Transfer::get(url, file)?,
+        let Some(runner) = runner else {
+            log::info!("No runner defined for script {:?}", &self);
+            return Ok(());
         };
 
-        Ok(())
+        return runner.run(&path);
+    }
+}
+
+/// Trait to allow getting the runner for a script.
+trait WithRunner {
+    /// Returns the runner for the script if any.
+    fn runner(&self) -> Option<ScriptRunner> {
+        Some(ScriptRunner::default())
+    }
+}
+
+/// Represents a script that runs before the installation starts.
+#[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct PreScript {
+    #[serde(flatten)]
+    pub base: BaseScript,
+}
+
+impl From<PreScript> for Script {
+    fn from(value: PreScript) -> Self {
+        Self::Pre(value)
+    }
+}
+
+impl TryFrom<Script> for PreScript {
+    type Error = ScriptError;
+
+    fn try_from(value: Script) -> Result<Self, Self::Error> {
+        match value {
+            Script::Pre(inner) => Ok(inner),
+            _ => Err(ScriptError::WrongScriptType),
+        }
+    }
+}
+
+impl WithRunner for PreScript {}
+
+/// Represents a script that runs after the installation finishes.
+#[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct PostScript {
+    #[serde(flatten)]
+    pub base: BaseScript,
+    /// Whether the script should be run in a chroot environment.
+    pub chroot: Option<bool>,
+}
+
+impl From<PostScript> for Script {
+    fn from(value: PostScript) -> Self {
+        Self::Post(value)
+    }
+}
+
+impl TryFrom<Script> for PostScript {
+    type Error = ScriptError;
+
+    fn try_from(value: Script) -> Result<Self, Self::Error> {
+        match value {
+            Script::Post(inner) => Ok(inner),
+            _ => Err(ScriptError::WrongScriptType),
+        }
+    }
+}
+
+impl WithRunner for PostScript {
+    fn runner(&self) -> Option<ScriptRunner> {
+        Some(ScriptRunner::new().with_chroot(self.chroot.unwrap_or(true)))
+    }
+}
+
+/// Represents a script that runs during the first boot of the target system,
+/// once the installation is finished.
+#[derive(Clone, Debug, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct InitScript {
+    #[serde(flatten)]
+    pub base: BaseScript,
+}
+
+impl From<InitScript> for Script {
+    fn from(value: InitScript) -> Self {
+        Self::Init(value)
+    }
+}
+
+impl TryFrom<Script> for InitScript {
+    type Error = ScriptError;
+
+    fn try_from(value: Script) -> Result<Self, Self::Error> {
+        match value {
+            Script::Init(inner) => Ok(inner),
+            _ => Err(ScriptError::WrongScriptType),
+        }
+    }
+}
+
+impl WithRunner for InitScript {
+    /// Returns the runner for the script if any.
+    fn runner(&self) -> Option<ScriptRunner> {
+        None
     }
 }
 
@@ -126,11 +269,8 @@ impl ScriptsRepository {
     /// Adds a new script to the repository.
     ///
     /// * `script`: script to add.
-    pub async fn add(&mut self, script: Script) -> Result<(), ScriptError> {
-        let workdir = self.workdir.join(script.group.to_string());
-        std::fs::create_dir_all(&workdir)?;
-        let path = workdir.join(&script.name);
-        script.write(&path).await?;
+    pub fn add(&mut self, script: Script) -> Result<(), ScriptError> {
+        script.write(&self.workdir)?;
         self.scripts.push(script);
         Ok(())
     }
@@ -148,13 +288,13 @@ impl ScriptsRepository {
     ///
     /// They run in the order they were added to the repository. If does not return an error
     /// if running a script fails, although it logs the problem.
-    pub async fn run(&self, group: ScriptsGroup) -> Result<(), ScriptError> {
-        let scripts: Vec<_> = self.scripts.iter().filter(|s| s.group == group).collect();
+    pub fn run(&self, group: ScriptsGroup) -> Result<(), ScriptError> {
+        let scripts: Vec<_> = self.scripts.iter().filter(|s| s.group() == group).collect();
         for script in scripts {
-            if let Err(error) = script.run(&self.workdir).await {
+            if let Err(error) = script.run(&self.workdir) {
                 log::error!(
                     "Failed to run user-defined script '{}': {:?}",
-                    &script.name,
+                    &script.name(),
                     error
                 );
             }
@@ -172,12 +312,54 @@ impl Default for ScriptsRepository {
     }
 }
 
+/// Implements the logic to run a command.
+///
+/// At this point, it only supports running a command in a chroot environment. In the future, it
+/// might implement support for other features, like progress reporting (like AutoYaST does).
+struct ScriptRunner {
+    chroot: bool,
+}
+
+impl ScriptRunner {
+    fn new() -> Self {
+        Default::default()
+    }
+
+    fn with_chroot(mut self, chroot: bool) -> Self {
+        self.chroot = chroot;
+        self
+    }
+
+    fn run<P: AsRef<Path>>(&self, path: P) -> Result<(), ScriptError> {
+        let path = path.as_ref();
+        let output = if self.chroot {
+            process::Command::new("chroot")
+                .args(["/mnt", &path.to_string_lossy()])
+                .output()?
+        } else {
+            process::Command::new(&path).output()?
+        };
+
+        fs::write(path.with_extension("log"), output.stdout)?;
+        fs::write(path.with_extension("err"), output.stderr)?;
+        fs::write(path.with_extension("out"), output.status.to_string())?;
+
+        Ok(())
+    }
+}
+
+impl Default for ScriptRunner {
+    fn default() -> Self {
+        Self { chroot: false }
+    }
+}
+
 #[cfg(test)]
 mod test {
     use tempfile::TempDir;
     use tokio::test;
 
-    use crate::scripts::{Script, ScriptSource};
+    use crate::scripts::{BaseScript, PreScript, Script, ScriptSource};
 
     use super::{ScriptsGroup, ScriptsRepository};
 
@@ -186,17 +368,20 @@ mod test {
         let tmp_dir = TempDir::with_prefix("scripts-").expect("a temporary directory");
         let mut repo = ScriptsRepository::new(&tmp_dir);
 
-        let script = Script {
+        let base = BaseScript {
             name: "test".to_string(),
             source: ScriptSource::Text {
                 body: "".to_string(),
             },
-            group: ScriptsGroup::Pre,
         };
-        repo.add(script).await.unwrap();
+        let script = Script::Pre(PreScript { base });
+        repo.add(script).unwrap();
 
         let script = repo.scripts.first().unwrap();
-        assert_eq!("test".to_string(), script.name);
+        assert_eq!("test".to_string(), script.name());
+
+        let script_path = tmp_dir.path().join("pre").join("test");
+        assert!(script_path.exists());
     }
 
     #[test]
@@ -205,13 +390,13 @@ mod test {
         let mut repo = ScriptsRepository::new(&tmp_dir);
         let body = "#!/bin/bash\necho hello\necho error >&2".to_string();
 
-        let script = Script {
+        let base = BaseScript {
             name: "test".to_string(),
             source: ScriptSource::Text { body },
-            group: ScriptsGroup::Pre,
         };
-        repo.add(script).await.unwrap();
-        repo.run(ScriptsGroup::Pre).await.unwrap();
+        let script = Script::Pre(PreScript { base });
+        repo.add(script).unwrap();
+        repo.run(ScriptsGroup::Pre).unwrap();
 
         repo.scripts.first().unwrap();
 
@@ -232,12 +417,12 @@ mod test {
         let mut repo = ScriptsRepository::new(&tmp_dir);
         let body = "#!/bin/bash\necho hello\necho error >&2".to_string();
 
-        let script = Script {
+        let base = BaseScript {
             name: "test".to_string(),
             source: ScriptSource::Text { body },
-            group: ScriptsGroup::Pre,
         };
-        repo.add(script).await.unwrap();
+        let script = Script::Pre(PreScript { base });
+        repo.add(script).expect("add the script to the repository");
 
         let script_path = tmp_dir.path().join("pre").join("test");
         assert!(script_path.exists());
diff --git a/rust/agama-lib/src/scripts/settings.rs b/rust/agama-lib/src/scripts/settings.rs
index d4d52ea1ba..d02ff45388 100644
--- a/rust/agama-lib/src/scripts/settings.rs
+++ b/rust/agama-lib/src/scripts/settings.rs
@@ -20,37 +20,18 @@
 
 use serde::{Deserialize, Serialize};
 
-use super::{Script, ScriptSource};
+use super::{InitScript, PostScript, PreScript};
 
 #[derive(Debug, Default, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct ScriptsConfig {
     /// User-defined pre-installation scripts
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub pre: Option<Vec<ScriptConfig>>,
+    pub pre: Option<Vec<PreScript>>,
     /// User-defined post-installation scripts
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub post: Option<Vec<ScriptConfig>>,
+    pub post: Option<Vec<PostScript>>,
     /// User-defined init scripts
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub init: Option<Vec<ScriptConfig>>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub struct ScriptConfig {
-    /// Script's name.
-    pub name: String,
-    /// Script's source
-    #[serde(flatten)]
-    pub source: ScriptSource,
-}
-
-impl From<&Script> for ScriptConfig {
-    fn from(value: &Script) -> Self {
-        ScriptConfig {
-            name: value.name.clone(),
-            source: value.source.clone(),
-        }
-    }
+    pub init: Option<Vec<InitScript>>,
 }
diff --git a/rust/agama-lib/src/scripts/store.rs b/rust/agama-lib/src/scripts/store.rs
index ae503fcc1c..2f272bc8aa 100644
--- a/rust/agama-lib/src/scripts/store.rs
+++ b/rust/agama-lib/src/scripts/store.rs
@@ -24,7 +24,7 @@ use crate::{
     software::{model::ResolvableType, SoftwareHTTPClient},
 };
 
-use super::{client::ScriptsClient, settings::ScriptsConfig, Script, ScriptConfig, ScriptsGroup};
+use super::{client::ScriptsClient, settings::ScriptsConfig, Script, ScriptError};
 
 pub struct ScriptsStore {
     scripts: ScriptsClient,
@@ -43,9 +43,9 @@ impl ScriptsStore {
         let scripts = self.scripts.scripts().await?;
 
         Ok(ScriptsConfig {
-            pre: Self::to_script_configs(&scripts, ScriptsGroup::Pre),
-            post: Self::to_script_configs(&scripts, ScriptsGroup::Post),
-            init: Self::to_script_configs(&scripts, ScriptsGroup::Init),
+            pre: Self::scripts_by_type(&scripts),
+            post: Self::scripts_by_type(&scripts),
+            init: Self::scripts_by_type(&scripts),
         })
     }
 
@@ -54,26 +54,20 @@ impl ScriptsStore {
 
         if let Some(scripts) = &settings.pre {
             for pre in scripts {
-                self.scripts
-                    .add_script(&Self::to_script(pre, ScriptsGroup::Pre))
-                    .await?;
+                self.scripts.add_script(pre.clone().into()).await?;
             }
         }
 
         if let Some(scripts) = &settings.post {
             for post in scripts {
-                self.scripts
-                    .add_script(&Self::to_script(post, ScriptsGroup::Post))
-                    .await?;
+                self.scripts.add_script(post.clone().into()).await?;
             }
         }
 
         let mut packages = vec![];
         if let Some(scripts) = &settings.init {
             for init in scripts {
-                self.scripts
-                    .add_script(&Self::to_script(init, ScriptsGroup::Init))
-                    .await?;
+                self.scripts.add_script(init.clone().into()).await?;
             }
             packages.push("agama-scripts");
         }
@@ -84,25 +78,18 @@ impl ScriptsStore {
         Ok(())
     }
 
-    fn to_script(config: &ScriptConfig, group: ScriptsGroup) -> Script {
-        Script {
-            name: config.name.clone(),
-            source: config.source.clone(),
-            group,
-        }
-    }
-
-    fn to_script_configs(scripts: &[Script], group: ScriptsGroup) -> Option<Vec<ScriptConfig>> {
-        let configs: Vec<_> = scripts
+    fn scripts_by_type<T>(scripts: &[Script]) -> Option<Vec<T>>
+    where
+        T: TryFrom<Script, Error = ScriptError> + Clone,
+    {
+        let scripts: Vec<T> = scripts
             .iter()
-            .filter(|s| s.group == group)
-            .map(|s| s.into())
+            .cloned()
+            .filter_map(|s| s.try_into().ok())
             .collect();
-
-        if configs.is_empty() {
+        if scripts.is_empty() {
             return None;
         }
-
-        Some(configs)
+        Some(scripts)
     }
 }
diff --git a/rust/agama-server/src/scripts/web.rs b/rust/agama-server/src/scripts/web.rs
index 6957c20094..17c3413b3f 100644
--- a/rust/agama-server/src/scripts/web.rs
+++ b/rust/agama-server/src/scripts/web.rs
@@ -81,7 +81,7 @@ async fn add_script(
     Json(script): Json<Script>,
 ) -> Result<impl IntoResponse, ScriptServiceError> {
     let mut scripts = state.scripts.write().await;
-    scripts.add(script).await?;
+    scripts.add(script)?;
     Ok(())
 }
 
@@ -132,7 +132,7 @@ async fn run_scripts(
     Json(group): Json<ScriptsGroup>,
 ) -> Result<(), ScriptServiceError> {
     let scripts = state.scripts.write().await;
-    if let Err(error) = scripts.run(group).await {
+    if let Err(error) = scripts.run(group) {
         tracing::error!("Could not run user-defined scripts: {error}");
     }
     Ok(())
diff --git a/rust/package/agama.changes b/rust/package/agama.changes
index e36c9d4b51..b4b5c8ec77 100644
--- a/rust/package/agama.changes
+++ b/rust/package/agama.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Nov 29 12:14:25 UTC 2024 - Imobach Gonzalez Sosa <igonzalezsosa@suse.com>
+
+- Add support for running user-defined post-scripts in a chroot
+ (gh#agama-project/agama#1792).
+
 -------------------------------------------------------------------
 Fri Nov 29 08:57:19 UTC 2024 - Michal Filka <mfilka@suse.com>