|CHROOT(2)||System Calls Manual||CHROOT(2)|
chroot() causes dirname to become the root directory, that is, the starting point for path searches of pathnames beginning with ‘/’.
In order for a directory to become the root directory a process must have execute (search) access for that directory.
If the program is not currently running with an altered root directory, it should be noted that chroot() has no effect on the process's current directory.
If the program is already running with an altered root directory, the process's current directory is changed to the same new root directory. This prevents the current directory from being further up the directory tree than the altered root directory.
This call is restricted to the superuser.
	#include <err.h>
	#include <unistd.h>

	if (chroot(newroot) != 0 || chdir("/") != 0)
		err(1, "%s", newroot);
	setresuid(getuid(), getuid(), getuid());
chroot() will fail and the root directory will be unchanged if:
NAME_MAX characters, or an entire pathname (including the terminating NUL) exceeded
The chroot() system call first appeared in Version 7 AT&T UNIX.
recvmsg(2) from outside the chroot jail may also allow a process to escape.
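A pre-flight check for two hazards described above: a current directory that chroot() leaves outside the new root, and a directory descriptor (for example one received via recvmsg(2)) that refers to a place outside it. This is an added example, not part of the manual page; fd_within() and cwd_within() are hypothetical helper names, and the check is meant to be called before chroot(), while newroot still resolves in the full tree.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; fd_within() and cwd_within() are hypothetical helpers. */
static int same_dir(const struct stat *a, const struct stat *b)
{
	return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/*
 * Return 1 if the directory open on dirfd is newroot or lies below it,
 * 0 if it lies outside, -1 on error.  Walks ".." upward, so read access
 * to every ancestor is needed.  dirfd itself is left open.
 */
int fd_within(int dirfd, const char *newroot)
{
	struct stat root, cur, up;
	int fd, parent;

	if (stat(newroot, &root) != 0 || fstat(dirfd, &cur) != 0 ||
	    (fd = dup(dirfd)) < 0)
		return -1;
	for (;;) {
		if (same_dir(&cur, &root)) {	/* reached newroot: inside */
			close(fd);
			return 1;
		}
		parent = openat(fd, "..", O_RDONLY | O_DIRECTORY);
		close(fd);
		if (parent < 0 || fstat(parent, &up) != 0) {
			if (parent >= 0)
				close(parent);
			return -1;
		}
		if (same_dir(&up, &cur)) {	/* ".." is itself: top reached */
			close(parent);
			return 0;
		}
		fd = parent;
		cur = up;
	}
}

/* Same check for the current working directory. */
int cwd_within(const char *newroot)
{
	int r, fd = open(".", O_RDONLY | O_DIRECTORY);
	if (fd < 0)
		return -1;
	r = fd_within(fd, newroot);
	close(fd);
	return r;
}
```

A result of 0 for the current directory means chdir() into the new root is still needed; a result of 0 for any other held directory descriptor means it should be closed before privileges are dropped.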
|January 22, 2015||OpenBSD-current|