author | Warner Losh <imp@FreeBSD.org> | 2020-09-29 18:13:54 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 2020-09-29 18:13:54 +0000 |
commit | 61c4a6f317bf9b6a3cc8c42931601f296ad395c7 (patch) | |
tree | 4cd0f0cc498a66683ccea2718bf6fec486f71fb2 /lib | |
parent | dc761d84e2b2853bbad49107b31de0ffb5b5444b (diff) | |
Updates to chroot(2) docs
1. Note what settings give historic behavior
2. Recommend jail under security considerations.
Notes:
svn path=/head/; revision=366266
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/sys/chroot.2 | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/libc/sys/chroot.2 b/lib/libc/sys/chroot.2 index e72ae172951b..69ee3743d9d3 100644 --- a/lib/libc/sys/chroot.2 +++ b/lib/libc/sys/chroot.2 @@ -28,7 +28,7 @@ .\" @(#)chroot.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 26, 2020 +.Dd September 29, 2020 .Dt CHROOT 2 .Os .Sh NAME @@ -91,7 +91,10 @@ system call. .Pp Any other value for .Ql kern.chroot_allow_open_directories -will bypass the check for open directories +will bypass the check for open directories, +mimicking the historic insecure behavior of +.Fn chroot +still present on other systems. .Sh RETURN VALUES .Rv -std .Sh ERRORS @@ -156,3 +159,7 @@ root, for instance, setup the sandbox so that the sandboxed user will have no write access to any well-known system directories. +.Pp +For complete isolation from the rest of the system, use +.Xr jail 2 +instead. |
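Review bot: In the kern.chroot_allow_open_directories paragraph (hunk at -91,7), the added text calls the bypass "historic insecure behavior" but never says what the risk is. An administrator deciding whether to change the sysctl gets a label rather than a reason. Please add a clause stating what a directory left open across the call lets the process do. Also, "still present on other systems" names no system and will go stale; either name the systems or drop the clause.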
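Review bot: In the security-considerations addition (hunk at -156,3), "For complete isolation from the rest of the system" is an absolute claim that readers will take literally. Softer wording such as "For stronger isolation" still steers them to jail without promising a guarantee in a chroot page. Since the new text adds ".Xr jail 2", please also confirm that jail(2) appears in SEE ALSO, which this hunk does not show.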