Date: Sun, 27 Sep 2020 22:12:11 +0300 From: xtouqh@hotmail.com To: Kyle Evans <kevans@freebsd.org>, Warner Losh <imp@bsdimp.com> Cc: Yuri <yuri@rawbw.com>, Freebsd hackers list <freebsd-hackers@freebsd.org> Subject: Re: Is it possible to exit the chroot(2) environment? Message-ID: <AM0PR06MB39866F94504F62FB9BDCABADC0340@AM0PR06MB3986.eurprd06.prod.outlook.com> In-Reply-To: <CACNAnaFVg2yZnWbfC=MmPfQ==XZYssHFuz%2BCjz%2B67TkZ108qRA@mail.gmail.com> References: <b6412618-02ec-1dbd-f474-b4412d7b774b@rawbw.com> <CANCZdfqJ14-Cpvi9%2Bd%2BHRgWbHk7vDUNNOKLUVOC9iBUqZKX=Pw@mail.gmail.com> <CACNAnaFVg2yZnWbfC=MmPfQ==XZYssHFuz%2BCjz%2B67TkZ108qRA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kyle Evans wrote: > On Sun, Sep 27, 2020 at 2:03 PM Warner Losh <imp@bsdimp.com> wrote: >> >> On Sun, Sep 27, 2020 at 12:30 PM Yuri <yuri@rawbw.com> wrote: >> >>> This line >>> >>> https://github.com/rpm-software-management/rpm/blob/master/lib/rpmchroot.c#L155 >>> calls chroot(".") in order to exit from the chroot environment. >>> >> >> Interesting. FreeBSD doesn't allow that. >> >> >>> It apparently succeeds on Linux (this is rpm), but it fails on FreeBSD >>> with "Operation not permitted", while executed under sudo. >>> >>> The chroot(2) man page doesn't mention anything about exiting the chroot >>> environment. >>> >> >> True. Such behavior is undefined. There's no defined notion of exiting a >> chroot. It doesn't seem to be documented in the few examples of the >> chroot(2) call linux man pages I've found. Do you have documentation on >> what, exactly, it's supposed to do? >> > > I'm almost certain they just aren't restricting you from chrooting to > a directory out of the chroot if you have a reference to it, so it > probably does something like: > > chdir("/"); > chroot("/some/root"); > /* Do stuff, but never chdir */ > chroot("."); /* Working directory is still the real root. */ Reading the illumos chroot(2) suggests something similar: The ".." entry in the root directory is interpreted to mean the root directory itself. Therefore, ".." cannot be used to access files outside the subtree rooted at the root directory. Instead, fchroot() can be used to reset the root to a directory that was opened before the root directory was changed.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AM0PR06MB39866F94504F62FB9BDCABADC0340>