Subject: Re: chroot(2)
To: None <>
From: Warner Losh <>
List: tech-kern
Date: 10/06/1998 01:02:02
In message <199810060354.XAA15849@Twig.Rodents.Montreal.QC.CA> der Mouse writes:
: chroot is not a jail.  It can be part of a jail.  It can also be used
: for other, completely different, purposes, many of which would be
: broken by having it magically do a bunch of things to turn it into a
: jail.

The whole point of chroot is to make it possible to have a sandbox
that can do whatever it wants w/o impacting the running of a system,
within some well known limits.  Loading an LKM impacts the entire
system, by definition.

: This is not to say that the missing pieces of a jail shouldn't be
: added.  Just that they shouldn't be confused with chroot(2).  The
: reason I've been talking about having chroot(2) ever do anything
: magical for anyone is to keep non-root processes that are in jails
: from (ab)using chroot(2) to break out of the chroot portion of the
: jail.  Ideally, there would be two ways to chroot, a jail way and a
: non-jail way.  tar, which IIRC is what started this discussion, would
: want to do a non-jail chroot; other things would want to do a jail
: chroot.  I haven't thought much about how this interacts with non-root
: processes....

There needs to be some way to make chroot safe for the KIDZ w/o
impacting the system.  If this is done with additional system calls
(e.g. don't let this process, or any of its children, use root as ROOT),
then that is fine too.