diff options
Diffstat (limited to '')
-rw-r--r-- | man2/chroot.2 | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/man2/chroot.2 b/man2/chroot.2 index d872b8a..bdba54f 100644 --- a/man2/chroot.2 +++ b/man2/chroot.2 @@ -10,7 +10,7 @@ .\" Modified 1997-08-21 by Joseph S. Myers <jsm28@cam.ac.uk> .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com> .\" -.TH chroot 2 2023-04-03 "Linux man-pages 6.05.01" +.TH chroot 2 2023-10-31 "Linux man-pages 6.7" .SH NAME chroot \- change root directory .SH LIBRARY @@ -19,15 +19,15 @@ Standard C library .SH SYNOPSIS .nf .B #include <unistd.h> -.PP +.P .BI "int chroot(const char *" path ); .fi -.PP +.P .RS -4 Feature Test Macro Requirements for glibc (see .BR feature_test_macros (7)): .RE -.PP +.P .BR chroot (): .nf Since glibc 2.2.2: @@ -43,12 +43,12 @@ changes the root directory of the calling process to that specified in .IR path . This directory will be used for pathnames beginning with \fI/\fP. The root directory is inherited by all children of the calling process. -.PP +.P Only a privileged process (Linux: one with the .B CAP_SYS_CHROOT capability in its user namespace) may call .BR chroot (). -.PP +.P This call changes an ingredient in the pathname resolution process and does nothing else. In particular, it is not intended to be used @@ -65,7 +65,7 @@ The easiest way to do that is to .BR chdir (2) to the to-be-moved directory, wait for it to be moved out, then open a path like ../../../etc/passwd. -.PP +.P .\" This is how the "slightly trickier variation" works: .\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142 A slightly @@ -76,19 +76,19 @@ If a daemon allows a "chroot directory" to be specified, that usually means that if you want to prevent remote users from accessing files outside the chroot directory, you must ensure that folders are never moved out of it. -.PP +.P This call does not change the current working directory, so that after the call \[aq]\fI.\fP\[aq] can be outside the tree rooted at \[aq]\fI/\fP\[aq]. In particular, the superuser can escape from a "chroot jail" by doing: -.PP +.P .in +4n .EX mkdir foo; chroot foo; cd .. .EE .in -.PP +.P This call does not close open file descriptors, and such file descriptors may allow access to files outside the chroot tree. .SH RETURN VALUE @@ -148,13 +148,13 @@ A child process created via inherits its parent's root directory. The root directory is left unchanged by .BR execve (2). -.PP +.P The magic symbolic link, .IR /proc/ pid /root , can be used to discover a process's root directory; see .BR proc (5) for details. -.PP +.P FreeBSD has a stronger .BR jail () system call. |