> I am eager to be able to sandbox my processes on a system without the
> help of suid-root programs (as I prefer to have none of these on my
> system).
Probably an impossible task...
> Would it be reasonable to allow non-root processes to chroot(), if the
> chroot syscall also changed the cwd for non-root processes?
No.
fd = open("/", O_RDONLY);
chroot("/tmp");
fchdir(fd);
and you're out of the chroot.
> Is there a reason besides standards compliance that chroot() does not
> already change directory to the chroot'd directory for root processes?
> Would it actually break existing apps if it did change the directory?
Probably not. Make that: change the directory to chroot'd directory if
the current working directory is outside the chroot. That is, leave
the cwd alone if it is already inside the chroot.
Phil.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/