plash-chroot — chroot program, for use under Plash
plash-chrootroot-dir
command
[arguments...
]
Runs the command with the root directory set to root-dir
.
This program is a version of chroot which works under Plash. Unlike the normal chroot, use of plash-chroot isn't restricted to the superuser.
exec-object(1) may be more useful.
Normally, use of chroot is restricted to root under Unix, because it's dangerous in the presence of setuid executables. (You can hard link a setuid executable into your chroot directory and replace the libraries it uses with your own code.) But Plash doesn't provide setuid executables, so it's safe. Plash provides executable objects as a replacement for setuid.
How it works: The program asks the server to return a reference to the directory that it wants to chroot into. Then it creates a new fs_op object (which resides in the server process) for handling filesystem requests, using that directory as the root. It replaces its existing fs_op object with the new one, and then it execve()s the given command.