summaryrefslogtreecommitdiffstats
path: root/man2/chroot.2
diff options
context:
space:
mode:
Diffstat (limited to 'man2/chroot.2')
-rw-r--r--man2/chroot.2166
1 files changed, 0 insertions, 166 deletions
diff --git a/man2/chroot.2 b/man2/chroot.2
deleted file mode 100644
index bdba54f..0000000
--- a/man2/chroot.2
+++ /dev/null
@@ -1,166 +0,0 @@
-.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
-.\"
-.\" SPDX-License-Identifier: Linux-man-pages-copyleft
-.\"
-.\" Modified by Michael Haardt <michael@moria.de>
-.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
-.\" Modified 1994-08-21 by Michael Chastain <mec@shell.portal.com>
-.\" Modified 1996-06-13 by aeb
-.\" Modified 1996-11-06 by Eric S. Raymond <esr@thyrsus.com>
-.\" Modified 1997-08-21 by Joseph S. Myers <jsm28@cam.ac.uk>
-.\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
-.\"
-.TH chroot 2 2023-10-31 "Linux man-pages 6.7"
-.SH NAME
-chroot \- change root directory
-.SH LIBRARY
-Standard C library
-.RI ( libc ", " \-lc )
-.SH SYNOPSIS
-.nf
-.B #include <unistd.h>
-.P
-.BI "int chroot(const char *" path );
-.fi
-.P
-.RS -4
-Feature Test Macro Requirements for glibc (see
-.BR feature_test_macros (7)):
-.RE
-.P
-.BR chroot ():
-.nf
- Since glibc 2.2.2:
- _XOPEN_SOURCE && ! (_POSIX_C_SOURCE >= 200112L)
- || /* Since glibc 2.20: */ _DEFAULT_SOURCE
- || /* glibc <= 2.19: */ _BSD_SOURCE
- Before glibc 2.2.2:
- none
-.fi
-.SH DESCRIPTION
-.BR chroot ()
-changes the root directory of the calling process to that specified in
-.IR path .
-This directory will be used for pathnames beginning with \fI/\fP.
-The root directory is inherited by all children of the calling process.
-.P
-Only a privileged process (Linux: one with the
-.B CAP_SYS_CHROOT
-capability in its user namespace) may call
-.BR chroot ().
-.P
-This call changes an ingredient in the pathname resolution process
-and does nothing else.
-In particular, it is not intended to be used
-for any kind of security purpose, neither to fully sandbox a process nor
-to restrict filesystem system calls.
-In the past,
-.BR chroot ()
-has been used by daemons to restrict themselves prior to passing paths
-supplied by untrusted users to system calls such as
-.BR open (2).
-However, if a folder is moved out of the chroot directory, an attacker
-can exploit that to get out of the chroot directory as well.
-The easiest way to do that is to
-.BR chdir (2)
-to the to-be-moved directory, wait for it to be moved out, then open a
-path like ../../../etc/passwd.
-.P
-.\" This is how the "slightly trickier variation" works:
-.\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142
-A slightly
-trickier variation also works under some circumstances if
-.BR chdir (2)
-is not permitted.
-If a daemon allows a "chroot directory" to be specified,
-that usually means that if you want to prevent remote users from accessing
-files outside the chroot directory, you must ensure that folders are never
-moved out of it.
-.P
-This call does not change the current working directory,
-so that after the call \[aq]\fI.\fP\[aq] can
-be outside the tree rooted at \[aq]\fI/\fP\[aq].
-In particular, the superuser can escape from a "chroot jail"
-by doing:
-.P
-.in +4n
-.EX
-mkdir foo; chroot foo; cd ..
-.EE
-.in
-.P
-This call does not close open file descriptors, and such file
-descriptors may allow access to files outside the chroot tree.
-.SH RETURN VALUE
-On success, zero is returned.
-On error, \-1 is returned, and
-.I errno
-is set to indicate the error.
-.SH ERRORS
-Depending on the filesystem, other errors can be returned.
-The more general errors are listed below:
-.TP
-.B EACCES
-Search permission is denied on a component of the path prefix.
-(See also
-.BR path_resolution (7).)
-.\" Also search permission is required on the final component,
-.\" maybe just to guarantee that it is a directory?
-.TP
-.B EFAULT
-.I path
-points outside your accessible address space.
-.TP
-.B EIO
-An I/O error occurred.
-.TP
-.B ELOOP
-Too many symbolic links were encountered in resolving
-.IR path .
-.TP
-.B ENAMETOOLONG
-.I path
-is too long.
-.TP
-.B ENOENT
-The file does not exist.
-.TP
-.B ENOMEM
-Insufficient kernel memory was available.
-.TP
-.B ENOTDIR
-A component of
-.I path
-is not a directory.
-.TP
-.B EPERM
-The caller has insufficient privilege.
-.SH STANDARDS
-None.
-.SH HISTORY
-SVr4, 4.4BSD, SUSv2 (marked LEGACY).
-This function is not part of POSIX.1-2001.
-.\" SVr4 documents additional EINTR, ENOLINK and EMULTIHOP error conditions.
-.\" X/OPEN does not document EIO, ENOMEM or EFAULT error conditions.
-.SH NOTES
-A child process created via
-.BR fork (2)
-inherits its parent's root directory.
-The root directory is left unchanged by
-.BR execve (2).
-.P
-The magic symbolic link,
-.IR /proc/ pid /root ,
-can be used to discover a process's root directory; see
-.BR proc (5)
-for details.
-.P
-FreeBSD has a stronger
-.BR jail ()
-system call.
-.SH SEE ALSO
-.BR chroot (1),
-.BR chdir (2),
-.BR pivot_root (2),
-.BR path_resolution (7),
-.BR switch_root (8)