.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein. The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\"
.\" Modified by Michael Haardt <michael@moria.de>
.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
.\" Modified 1994-08-21 by Michael Chastain <mec@shell.portal.com>
.\" Modified 1996-06-13 by aeb
.\" Modified 1996-11-06 by Eric S. Raymond <esr@thyrsus.com>
.\" Modified 1997-08-21 by Joseph S. Myers <jsm28@cam.ac.uk>
.\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.TH CHROOT 2 2010-09-20 "Linux" "Linux Programmer's Manual"
.SH NAME
chroot \- change root directory
.SH SYNOPSIS
.B #include <unistd.h>
.sp
.BI "int chroot(const char *" path );
.sp
.in -4n
Feature Test Macro Requirements for glibc (see
.BR feature_test_macros (7)):
.in
.sp
.BR chroot ():
.ad l
.RS 4
.PD 0
.TP 4
Since glibc 2.2.2:
.nf
_BSD_SOURCE ||
(_XOPEN_SOURCE\ >=\ 500 ||
_XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED) &&
!(_POSIX_C_SOURCE\ >=\ 200112L || _XOPEN_SOURCE\ >=\ 600)
.TP 4
.fi
Before glibc 2.2.2: none
.PD
.RE
.ad b
.SH DESCRIPTION
.BR chroot ()
changes the root directory of the calling process to that specified in
.IR path .
This directory will be used for pathnames beginning with \fI/\fP.
The root directory is inherited by all children of the calling process.
Only a privileged process (Linux: one with the
.B CAP_SYS_CHROOT
capability) may call
.BR chroot ().
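This call changes an ingredient in the pathname resolution process
and does nothing else.
In particular, it does not by itself confine the calling process:
the current working directory, open file descriptors, and
privileges of the caller are left unchanged.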
This call does not change the current working directory,
so that after the call \(aq\fI.\fP\(aq can
be outside the tree rooted at \(aq\fI/\fP\(aq.
In particular, the superuser can escape from a "chroot jail"
by doing:
.nf
mkdir foo; chroot foo; cd ..
.fi
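This call does not close open file descriptors, and such file
descriptors may allow access to files outside the chroot tree.
A program that uses
.BR chroot ()
for confinement should therefore call
.BR chdir (2)
to move into the new root, close file descriptors that refer to
directories outside the tree, and give up the privilege needed to call
.BR chroot ()
again.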
.SH "RETURN VALUE"
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set appropriately.
.SH ERRORS
Depending on the file system, other errors can be returned.
The more general errors are listed below:
.TP
.B EACCES
Search permission is denied on a component of the path prefix.
(See also
.BR path_resolution (7).)
.\" Also search permission is required on the final component,
.\" maybe just to guarantee that it is a directory?
.TP
.B EFAULT
.I path
points outside your accessible address space.
.TP
.B EIO
An I/O error occurred.
.TP
.B ELOOP
Too many symbolic links were encountered in resolving
.IR path .
.TP
.B ENAMETOOLONG
.I path
is too long.
.TP
.B ENOENT
The file does not exist.
.TP
.B ENOMEM
Insufficient kernel memory was available.
.TP
.B ENOTDIR
A component of
.I path
is not a directory.
.TP
.B EPERM
The caller has insufficient privilege.
.SH "CONFORMING TO"
SVr4, 4.4BSD, SUSv2 (marked LEGACY).
This function is not part of POSIX.1-2001.
.\" SVr4 documents additional EINTR, ENOLINK and EMULTIHOP error conditions.
.\" X/OPEN does not document EIO, ENOMEM or EFAULT error conditions.
.SH NOTES
A child process created via
.BR fork (2)
inherits its parent's root directory.
The root directory is left unchanged by
.BR execve (2).
FreeBSD has a stronger
.BR jail ()
system call.
.\" FIXME . eventually say something about containers,
.\" virtual servers, etc.?
.SH "SEE ALSO"
.BR chdir (2),
.BR path_resolution (7)