chroot(2)
NAME
chroot - change root directory
SYNOPSIS
#include <unistd.h> int chroot(const char *path);
DESCRIPTION
chroot() changes the root directory of the calling process to that
specified in path. This directory will be used for pathnames beginning
with /. The root directory is inherited by all children of the calling
process.
Only a privileged process (Linux: one with the CAP_SYS_CHROOT capability) may call chroot().
This call changes an ingredient in the pathname resolution process and
does nothing else.
- This call does not change the current working directory, so that after
the call '.' can be outside the tree rooted at '/'. In particular, the
superuser can escape from a "chroot jail" by doing:
- mkdir foo; chroot foo; cd ..
- This call does not close open file descriptors, and such file descriptors may allow access to files outside the chroot tree.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is
set appropriately.
ERRORS
Depending on the file system, other errors can be returned. The more
general errors are listed below:
- EACCES Search permission is denied on a component of the path prefix.
- (See also path_resolution(7).)
- EFAULT path points outside your accessible address space.
- EIO An I/O error occurred.
- ELOOP Too many symbolic links were encountered in resolving path.
- ENAMETOOLONG
- path is too long.
- ENOENT The file does not exist.
- ENOMEM Insufficient kernel memory was available.
- ENOTDIR
- A component of path is not a directory.
- EPERM The caller has insufficient privilege.
CONFORMING TO
SVr4, 4.4BSD, SUSv2 (marked LEGACY). This function is not part of
POSIX.1-2001.
NOTES
A child process created via fork(2) inherits its parent's root directory. The root directory is left unchanged by execve(2).
FreeBSD has a stronger jail() system call.
SEE ALSO
COLOPHON
- This page is part of release 3.25 of the Linux man-pages project. A
description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.