NAMEchroot_safe - Chroot dynamically linked applications in a sane and safe manner
SYNOPSISchroot_safe user chroot_directory application [arguments...]
DESCRIPTIONchroot_safe is a tool to chroot any application in a safe and sane manner without requring binaries, shared libraries etc within the chroot or any support from the application. Works with any dynamically linked application.
Normally when you chroot applications not having native support for chroot there is a number of obstacles to overcome
Shortcomings 3 & 4 can be addressed by writing a small tool replacing chroot, but you still have limitations 1 & 2.
chroot_safe addresses all four of these shortcomings by at runtime linking instrument the application to perform a full chroot and drop all root privileges just after dynamic linking has completed but before the application as such is started. This is done via a small LD_PRELOAD stub and a shell wrapper giving instructions on how to chroot.
EXAMPLESHere is a silly example demonstrating the power of this application: chroot "ls -l" to /tmp in a safe manner without needing to prepare anything in /tmp
Note: This example does not work on FreeBSD or other platforms where ls is statically linked.
You can also find a howto chroot an anonymous CVS server online at the chroot_safe website
NOTESThis application utilizes some shared library loading tricks to instrument the application with the required chroot hooks. Because of this it won't work on statically linked applications.
If there is any problem chrooting the application an error message is printed on stderr, and execution of the application is terminated.
Root privileges are required to chroot applications.
For details on the inner workings see the comments in the source.
AUTHORHenrik Nordstrom <email@example.com>
REPORTING BUGSSend bug fixes or improvements to the author
SEE ALSOchroot(8), su(1), http://chrootsafe.sourceforge.net/
Visit the GSP FreeBSD Man Page Interface.