Updates to chroot(2) docs

1. Note what settings give historic behavior 2. Recommend jail under security considerations.
svn path=/head/; revision=366266
2024-09-06 17:18:32 +00:00 · 2020-09-29 18:13:54 +00:00 · 2020-09-29 18:13:54 +00:00 · 61c4a6f317 · 2020-12-20 02:59:44 +00:00
parent dc761d84e2
commit 61c4a6f317
1 changed files with 9 additions and 2 deletions
--- a/lib/libc/sys/chroot.2
+++ b/lib/libc/sys/chroot.2
@ -28,7 +28,7 @@
 .\"     @(#)chroot.2	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd June 26, 2020
+.Dd September 29, 2020
 .Dt CHROOT 2
 .Os
 .Sh NAME
@ -91,7 +91,10 @@ system call.
 .Pp
 Any other value for
 .Ql kern.chroot_allow_open_directories
-will bypass the check for open directories
+will bypass the check for open directories,
+mimicking the historic insecure behavior of
+.Fn chroot
+still present on other systems.
 .Sh RETURN VALUES
 .Rv -std
 .Sh ERRORS
@ -156,3 +159,7 @@ root,
 for instance,
 setup the sandbox so that the sandboxed user will have no write
 access to any well-known system directories.
+.Pp
+For complete isolation from the rest of the system, use
+.Xr jail 2
+instead.