Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

12
  • 1
    This won't work in OpenBSD because it has random PIDs; the root process is basically never PID 1. Now you know why! Commented Jan 16, 2015 at 5:59
  • @AdamKatz "... with a couple of obvious exceptions, e.g., init(8)." So which is it? Commented Jan 16, 2015 at 9:40
  • @muru: aw, shucks. You've shot me down. I'm not sure why init(8) would absolutely need to have the #1 slot unless there's some kind of hard-coded nature that requires it (in which I'd still be unsure as to why). Of course, the BSDs have much more advanced jails than just chroot, so I'm not even sure how problematic this is. Commented Jan 16, 2015 at 10:02
  • 5
    @AdamKatz It's the opposite: pid 1 has a special role (it must reap zombies, and it is immune to SIGKILL). The init program is an implementation of that role. The reason my answer doesn't work in OpenBSD has nothing to do with this: it's because OpenBSD doesn't have anything like Solaris/Linux's /proc. My answer wasn't meant to address anything but Linux anyway. Commented Jan 16, 2015 at 11:40
  • 3
    @Vouze No, having /proc mounted is not a security flaw, because chroot alone is not a security mechanism. You can get security from chroot only if the processes running in the chroot run with separate user IDs from processes running outside the chroot. Otherwise chroot does not protect you, for example, from a process that kills or ptraces another process that's running outside the chroot. In that case /proc/$pid/root does not permit bypassing the chroot. Commented Jan 11, 2018 at 19:00