
Re: Different roots for each process possible?



Roland McGrath wrote the following on Mon, Jan 15, 2001 at 07:47:04PM -0500:
> Each process has a port that is its root directory, just as it has a port
> that is its current working directory.  The root directory port is
> inherited by fork/exec just like the current directory port is.  This is
> how chroot works (the other piece of chroot is a filesystem RPC used to get
> a directory port that doesn't let /.. get out of the chosen "root"
> directory).  As with chroot on Unix, a setuid program (called a secure exec
> in Hurdish) reverts to the global root directory port.  So, modulo setuid,
> you can chroot your shell to a filesystem of your choice and the processes
> that descend from it will see that filesystem as the root for their lookups.  
> 
> So, by setting a translator that implements the filesystem name space you
> want to see on ~/myroot, you can do "chroot ~/myroot" to go into that world.
 
On Unix, root can break out of the chrooted environment by the following:

# mknod hda1 b 3 1; # assume hda1 is your root filesystem
# mkdir mnt
# mount -n hda1 mnt
# chroot mnt
# echo "I'm now in the original root directory!"

Of course, you can still use system calls to achieve the same result.

Is such an escape possible too?

-- 
Stefan Karrmann
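
Added example, not part of the original message: assuming Linux (the message says only "Unix"), each of the three commands above is gated by a capability (mknod by CAP_MKNOD, mount by CAP_SYS_ADMIN, chroot by CAP_SYS_CHROOT), so a chrooted process can be audited by decoding the CapEff mask from /proc/<pid>/status. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which privileges needed by the mknod/mount/chroot
# sequence a process still holds. Assumption: Linux, where
# /proc/<pid>/status carries a "CapEff:" line with a hex capability bitmask.

# Capability bit numbers from <linux/capability.h>.
CAP_SYS_CHROOT=18   # required by chroot(2)
CAP_SYS_ADMIN=21    # required by mount(2)
CAP_MKNOD=27        # required by mknod(2) for block/character devices

# capeff_of STATUS_TEXT -> the hex CapEff value found in the status text.
capeff_of() {
    printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2 }'
}

# escape_caps HEXMASK -> space-separated list of the escape steps that the
# mask still permits, in the order they appear in the message.
escape_caps() {
    mask=$(( 0x$1 ))
    out=""
    for pair in "mknod:$CAP_MKNOD" "mount:$CAP_SYS_ADMIN" "chroot:$CAP_SYS_CHROOT"; do
        name=${pair%%:*}
        bit=${pair##*:}
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="$out $name"
        fi
    done
    echo "${out# }"
}

# Constructed sample: status text of a fully privileged root shell.
SAMPLE_STATUS=$(printf 'Name:\tsh\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n')

# Any non-empty result is a finding for a process meant to stay confined.
echo "root shell may still: $(escape_caps "$(capeff_of "$SAMPLE_STATUS")")"
# Constructed reduced mask: mount is gone, mknod and chroot remain.
echo "reduced set may still: $(escape_caps 00000000a80425fb)"
```

To audit a live process, pass it the real file contents: `escape_caps "$(capeff_of "$(cat /proc/self/status)")"`.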


