Date: Fri, 1 Aug 2025 07:19:36 -0500 From: Jason Bacon <bacon4000@gmail.com> To: freebsd-hackers <hackers@freebsd.org> Subject: Non-root chroot Message-ID: <aa1950e6-46d0-44ed-8487-df45bad8b3c8@gmail.com>
next in thread | raw e-mail | index | archive | help
I'm wondering if there is any way to perform a simple chroot without having root privileges. The goal is to test software builds with access to a limited set of dependencies, as poudriere does, but outside the FreeBSD ports system, and in some cases on hosts where the user has no root access. This will prevent configure scripts with hard-coded search paths from finding things we don't want them to find. Portability to other POSIX platforms would be desirable as well, but is not essential. It's not clear to me why chroot() wasn't designed to support this use case. There's lots of documentation stating that it's a security risk, but I don't see why it couldn't have been designed to be run by a regular user without escalating privileges inside the chroot. I.e. if user "joe" does such a user-level chroot call, then all chrooted processes run as "joe", but with the path of the chroot dir prepended to every open() call (after $CWD is prepended to relative paths, of course), so that processes can only access files in the chroot dir. User "joe" would have the same privileges inside the chroot that he has on the host. One of the other security concerns mentioned is jail breaks, but if joe managed to escape the chroot, he'd only be hurting himself by borking the test build, so that's not a concern here. It might be possible to port fakechroot (https://github.com/dex4er/fakechroot), proot (https://github.com/proot-me/proot), or something similar, but is there anything else on FreeBSD that can do this? Thanks, Jason -- Life is a game. Play hard. Play fair. Have fun.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aa1950e6-46d0-44ed-8487-df45bad8b3c8>