̾??

chroot — ?롼?ȥǥ??쥯?ȥ????ѹ?????

?饤?֥???

Standard C Library (libc, -lc)

????

<unistd.h> int chroot(const char *dirname)

????

dirname ?????ϡ?ASCII ?Υ̥?ʸ???ǽ?λ?????ǥ??쥯?ȥ??Υѥ?̾?Υ??ɥ쥹?Ǥ??? chroot() ?????ƥॳ?????ϡ? dirname ???롼?ȥǥ??쥯?ȥꡢ???ʤ????? ‘/’ ?ǳ??Ϥ????ѥ?̾?Υѥ??????? ???????ˤ??ޤ???

?ǥ??쥯?ȥ꤬?롼?ȥǥ??쥯?ȥ??ˤʤ뤿???ˤϡ? ?ץ??????ˤ??Υǥ??쥯?ȥ??ؤμ¹? (????) ???Ĥ??ʤ????Фʤ??ޤ?????

chroot() ?ϥץ??????θ??ߤΥǥ??쥯?ȥ??˱ƶ????ʤ????Ȥ????դ???ɬ?פ??????ޤ???

???δؿ????ƤӽФ????Τϥ????ѥ桼???ΤߤǤ???

?ǥ??쥯?ȥ??򻲾Ȥ??륪???ץ??ե????뵭?һҤ?¸?ߤ??????硢 chroot() ?ƤӽФ??? sysctl ?ѿ? ‘kern.chroot_allow_open_directories’ ???????˽????????Τ褦?˼??Ԥ??ޤ?:

‘kern.chroot_allow_open_directories’ ?? 0 ?????ꤵ???Ƥ??????硢?ǥ??쥯?ȥ꤬?????ץ󤵤??Ƥ????? chroot() ?Ͼ??? EPERM ?Ǽ??Ԥ??ޤ???

‘kern.chroot_allow_open_directories’ ?? 1 ?????ꤵ???Ƥ??????? (?ǥե?????)?? ?ǥ??쥯?ȥ꤬?????ץ󤵤??Ƥ??ơ????Υץ??????? chroot() ?????ƥॳ?????αƶ????????????? chroot() ?? EPERM ?Ǽ??Ԥ??ޤ???

‘kern.chroot_allow_open_directories’ ??¾???ͤξ??硢?????ץ??ǥ??쥯?ȥ??Υ????å??Ϥ????ޤ?????

?????˴?λ?????ȡ??? 0 ???֤????ޤ??? ?????Ǥʤ??????ϡ??? -1 ???֤??졢???顼?򼨤??????? errno ?????ꤵ???ޤ???

???顼

chroot() ?????ƥॳ?????ϡ????ξ????????˼??Ԥ????롼?ȥǥ??쥯?ȥ????ѹ??????ޤ???:

[ENOTDIR]: ?ѥ??ι??????????˥ǥ??쥯?ȥ??ʳ??Τ??Τ??ޤޤ??Ƥ??ޤ???
[EPERM]: ?¸??桼?? ID ???????ѥ桼???ǤϤ????ޤ????? ?ޤ??ϥǥ??쥯?ȥ꤬ 1 ?İʾ??Υե????뵭?һҤˤ??äƥ????ץ󤵤??Ƥ??ޤ???
[ENAMETOOLONG]: ?ѥ?̾?ι??????Ǥ? 255 ʸ?????ۤ??Ƥ??뤫?? ?ޤ??ϥѥ?̾???Τ? 1023 ʸ?????ۤ??Ƥ??ޤ???
[ENOENT]: ?????Υǥ??쥯?ȥ꤬¸?ߤ??ޤ?????
[EACCES]: ???ꤵ?줿?ѥ??ˤϡ??????????Ĥ????Ƥ??ʤ??ǥ??쥯?ȥ꤬?ޤޤ??Ƥ??ޤ???
[ELOOP]: ?ѥ?̾???Ѵ??????Ȥ??˸??Ф??줿?????ܥ??å????󥯤?¿?????ޤ???
[EFAULT]: dirname ?????????ץ??????˳??????Ƥ??줿???ɥ쥹???֤??ϰϳ????ؤ??Ƥ??ޤ???
[EIO]: ?ե????륷???ƥ????ɤ߽񤭤??Ƥ????֤??????ϥ??顼??ȯ?????ޤ?????

??Ϣ????

chdir(2), jail(2)

????

chroot() ?????ƥॳ?????? 4.2BSD ???о줷?ޤ?????

?Х?

?ץ??????????κ??ȥǥ??쥯?ȥ?????Ū?Υǥ??쥯?ȥ????ѹ???ǽ?Ǥ??뤬?? (?ǥ??쥯?ȥ??Υ????ץ??????å????ޤ??? MAC ?????å??Τ褦??) ¾?? ?????????????????å??Ǽ??Ԥ????????ˤϡ????Υץ??????κ??ȥǥ??쥯?ȥ꤬ ?ѹ????줿?ޤޡ????Υ????ƥॳ???뤬???顼???֤????⤷???ޤ?????