Privilege reduction
chroot
mechanism (or jail)
chroot
mechanism (or jail)Used to reduce the visibility of a file system.
Each process descriptor has a root i-node number.
From which absolute pathname resolution takes place.
chroot
changes it to an arbitrary directory.The process file system view gets reduced.
Used to protect the file system from potentially problematic applications.
e.g. public servers and downloaded applications.
But it is not bulletproof!
Last updated