summaryrefslogtreecommitdiffstats
path: root/man2/chroot.2
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 19:41:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 19:41:07 +0000
commit3af6d22bb3850ab2bac67287e3a3d3b0e32868e5 (patch)
tree3ee7a3ec64525911fa865bb984c86d997d855527 /man2/chroot.2
parentAdding debian version 6.05.01-1. (diff)
downloadmanpages-3af6d22bb3850ab2bac67287e3a3d3b0e32868e5.tar.xz
manpages-3af6d22bb3850ab2bac67287e3a3d3b0e32868e5.zip
Merging upstream version 6.7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--man2/chroot.224
1 files changed, 12 insertions, 12 deletions
diff --git a/man2/chroot.2 b/man2/chroot.2
index d872b8a..bdba54f 100644
--- a/man2/chroot.2
+++ b/man2/chroot.2
@@ -10,7 +10,7 @@
.\" Modified 1997-08-21 by Joseph S. Myers <jsm28@cam.ac.uk>
.\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
-.TH chroot 2 2023-04-03 "Linux man-pages 6.05.01"
+.TH chroot 2 2023-10-31 "Linux man-pages 6.7"
.SH NAME
chroot \- change root directory
.SH LIBRARY
@@ -19,15 +19,15 @@ Standard C library
.SH SYNOPSIS
.nf
.B #include <unistd.h>
-.PP
+.P
.BI "int chroot(const char *" path );
.fi
-.PP
+.P
.RS -4
Feature Test Macro Requirements for glibc (see
.BR feature_test_macros (7)):
.RE
-.PP
+.P
.BR chroot ():
.nf
Since glibc 2.2.2:
@@ -43,12 +43,12 @@ changes the root directory of the calling process to that specified in
.IR path .
This directory will be used for pathnames beginning with \fI/\fP.
The root directory is inherited by all children of the calling process.
-.PP
+.P
Only a privileged process (Linux: one with the
.B CAP_SYS_CHROOT
capability in its user namespace) may call
.BR chroot ().
-.PP
+.P
This call changes an ingredient in the pathname resolution process
and does nothing else.
In particular, it is not intended to be used
@@ -65,7 +65,7 @@ The easiest way to do that is to
.BR chdir (2)
to the to-be-moved directory, wait for it to be moved out, then open a
path like ../../../etc/passwd.
-.PP
+.P
.\" This is how the "slightly trickier variation" works:
.\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142
A slightly
@@ -76,19 +76,19 @@ If a daemon allows a "chroot directory" to be specified,
that usually means that if you want to prevent remote users from accessing
files outside the chroot directory, you must ensure that folders are never
moved out of it.
-.PP
+.P
This call does not change the current working directory,
so that after the call \[aq]\fI.\fP\[aq] can
be outside the tree rooted at \[aq]\fI/\fP\[aq].
In particular, the superuser can escape from a "chroot jail"
by doing:
-.PP
+.P
.in +4n
.EX
mkdir foo; chroot foo; cd ..
.EE
.in
-.PP
+.P
This call does not close open file descriptors, and such file
descriptors may allow access to files outside the chroot tree.
.SH RETURN VALUE
@@ -148,13 +148,13 @@ A child process created via
inherits its parent's root directory.
The root directory is left unchanged by
.BR execve (2).
-.PP
+.P
The magic symbolic link,
.IR /proc/ pid /root ,
can be used to discover a process's root directory; see
.BR proc (5)
for details.
-.PP
+.P
FreeBSD has a stronger
.BR jail ()
system call.