Privilege reduction
chroot mechanism (or jail)
chroot mechanism (or jail)Used to reduce the visibility of a file system.
Each process descriptor has a root i-node number.
From which absolute pathname resolution takes place.
chrootchanges it to an arbitrary directory.The process file system view gets reduced.
Used to protect the file system from potentially problematic applications.
e.g. public servers and downloaded applications.
But it is not bulletproof!
Last updated