2004-11-03 13:51:07 +00:00
|
|
|
.\" Hey Emacs! This file is -*- nroff -*- source.
|
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\"
|
|
|
|
.\" Modified by Michael Haardt <michael@moria.de>
|
|
|
|
.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
|
|
|
|
.\" Modified 1994-08-21 by Michael Chastain <mec@shell.portal.com>
|
|
|
|
.\" Modified 1996-06-13 by aeb
|
|
|
|
.\" Modified 1996-11-06 by Eric S. Raymond <esr@thyrsus.com>
|
|
|
|
.\" Modified 1997-08-21 by Joseph S. Myers <jsm28@cam.ac.uk>
|
2004-11-03 14:43:40 +00:00
|
|
|
.\" Modified 2004-06-23 by Michael Kerrisk <mtk-manpages@gmx.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
|
|
|
.TH CHROOT 2 2004-06-23 "Linux 2.6.7" "Linux Programmer's Manual"
|
|
|
|
.SH NAME
|
|
|
|
chroot \- change root directory
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B #include <unistd.h>
|
|
|
|
.sp
|
|
|
|
.BI "int chroot(const char *" path );
|
|
|
|
.SH DESCRIPTION
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR chroot ()
|
2004-11-03 13:51:07 +00:00
|
|
|
changes the root directory to that specified in
|
|
|
|
.IR path .
|
2006-02-12 22:19:08 +00:00
|
|
|
This directory will be used for pathnames beginning with /. The root
|
2004-11-03 13:51:07 +00:00
|
|
|
directory is inherited by all children of the current process.
|
|
|
|
|
|
|
|
Only a privileged process (Linux: one with the
|
|
|
|
.B CAP_SYS_CHROOT
|
|
|
|
capability) may call
|
|
|
|
.BR chroot (2).
|
|
|
|
|
|
|
|
This call changes an ingredient in the pathname resolution process
|
|
|
|
and does nothing else.
|
|
|
|
|
|
|
|
This call does not change the current working directory,
|
|
|
|
so that after the call `.' can be outside the tree rooted at `/'.
|
2004-11-10 18:17:26 +00:00
|
|
|
In particular, the superuser can escape from a `chroot jail'
|
2004-11-03 13:51:07 +00:00
|
|
|
by doing `mkdir foo; chroot foo; cd ..'.
|
|
|
|
|
|
|
|
This call does not close open file descriptors, and such file
|
|
|
|
descriptors may allow access to files outside the chroot tree.
|
|
|
|
|
|
|
|
.SH "RETURN VALUE"
|
|
|
|
On success, zero is returned. On error, \-1 is returned, and
|
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
Depending on the file system, other errors can be returned. The more
|
|
|
|
general errors are listed below:
|
|
|
|
.TP
|
|
|
|
.B EACCES
|
|
|
|
Search permission is denied on a component of the path prefix.
|
|
|
|
(See also
|
|
|
|
.BR path_resolution (2).)
|
|
|
|
.\" Also search permission is required on the final component,
|
|
|
|
.\" maybe just to guarantee that it is a directory?
|
|
|
|
.TP
|
|
|
|
.B EFAULT
|
|
|
|
.I path
|
|
|
|
points outside your accessible address space.
|
|
|
|
.TP
|
|
|
|
.B EIO
|
|
|
|
An I/O error occurred.
|
|
|
|
.TP
|
|
|
|
.B ELOOP
|
|
|
|
Too many symbolic links were encountered in resolving
|
|
|
|
.IR path .
|
|
|
|
.TP
|
|
|
|
.B ENAMETOOLONG
|
|
|
|
.I path
|
|
|
|
is too long.
|
|
|
|
.TP
|
|
|
|
.B ENOENT
|
|
|
|
The file does not exist.
|
|
|
|
.TP
|
|
|
|
.B ENOMEM
|
|
|
|
Insufficient kernel memory was available.
|
|
|
|
.TP
|
|
|
|
.B ENOTDIR
|
|
|
|
A component of
|
|
|
|
.I path
|
|
|
|
is not a directory.
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
The caller has insufficient privilege.
|
|
|
|
.SH "CONFORMING TO"
|
|
|
|
SVr4, SVID, 4.4BSD, X/OPEN. This function is not part of POSIX.1.
|
|
|
|
SVr4 documents additional EINTR, ENOLINK and EMULTIHOP error conditions.
|
|
|
|
X/OPEN does not document EIO, ENOMEM or EFAULT error conditions.
|
|
|
|
This interface is marked as legacy by X/OPEN.
|
|
|
|
.SH NOTES
|
|
|
|
FreeBSD has a stronger
|
2005-11-02 11:34:24 +00:00
|
|
|
.BR jail ()
|
2004-11-03 13:51:07 +00:00
|
|
|
system call.
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR chdir (2),
|
|
|
|
.BR path_resolution (2)
|