CHROOT(2) OpenBSD Programmer's Manual CHROOT(2)NAMEchroot - change root directory
SYNOPSIS
#include <unistd.h>
int
chroot(const char *dirname);
DESCRIPTION
dirname is the address of the pathname of a directory, terminated by an
ASCII NUL. chroot() causes dirname to become the root directory, that
is, the starting point for path searches of pathnames beginning with `/'.
In order for a directory to become the root directory a process must have
execute (search) access for that directory.
If the program is not currently running with an altered root directory,
it should be noted that chroot() has no effect on the process's current
directory.
If the program is already running with an altered root directory, the
process's current directory is changed to the same new root directory.
This prevents the current directory from being further up the directory
tree than the altered root directory.
This call is restricted to the superuser.
RETURN VALUES
Upon successful completion, a value of 0 is returned. Otherwise, a value
of -1 is returned and errno is set to indicate an error.
EXAMPLES
The following example changes the root directory to newroot, sets the
current directory to the new root, and drops some setuid privileges.
There may be other privileges which need to be dropped as well.
#include <err.h>
#include <unistd.h>
if (chroot(newroot) != 0 || chdir("/") != 0)
err(1, "%s", newroot);
setresuid(getuid(), getuid(), getuid());
ERRORSchroot() will fail and the root directory will be unchanged if:
[ENOTDIR] A component of the path name is not a directory.
[ENAMETOOLONG]
A component of a pathname exceeded {NAME_MAX} characters,
or an entire path name exceeded {PATH_MAX} characters.
[ENOENT] The named directory does not exist.
[EACCES] Search permission is denied for any component of the path
name.
[ELOOP] Too many symbolic links were encountered in translating the
pathname.
[EFAULT] dirname points outside the process's allocated address
space.
[EIO] An I/O error occurred while reading from or writing to the
file system.
[EPERM] The caller is not the superuser.
SEE ALSOchdir(2)HISTORY
The chroot() function call appeared in 4.2BSD.
CAVEATS
There are ways for a root process to escape from the chroot jail.
OpenBSD 4.9 February 11, 2011 OpenBSD 4.9