D51703.id159654.diff
No OneTemporary
Actions

Size

3 KB

Referenced Files

None

Subscribers

None

D51703.id159654.diff
View Options

	Index: lib/libsys/chroot.2
	===================================================================
	--- lib/libsys/chroot.2
	+++ lib/libsys/chroot.2
	@@ -25,7 +25,7 @@
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.
	.\"
	-.Dd July 15, 2024
	+.Dd August 2, 2025
	.Dt CHROOT 2
	.Os
	.Sh NAME
	@@ -61,7 +61,12 @@
	.Fn chroot
	has no effect on the process's current directory.
	.Pp
	-This call is restricted to the super-user.
	+This call is restricted to the super-user, unless the
	+.Ql security.bsd.unprivileged_chroot
	+sysctl variable is set to 1
	+and the process has enabled the
	+.Dv PROC_NO_NEW_PRIVS_CTL
	+.Xr procctl 2 .
	.Pp
	Depending on the setting of the
	.Ql kern.chroot_allow_open_directories
	@@ -106,19 +111,35 @@
	.Sh ERRORS
	The
	.Fn chroot
	-system call
	+and
	+.Fn fchroot
	+system calls
	will fail and the root directory will be unchanged if:
	.Bl -tag -width Er
	-.It Bq Er ENOTDIR
	-A component of the path name is not a directory.
	.It Bq Er EPERM
	-The effective user ID is not the super-user, or one or more
	-filedescriptors are open directories.
	-.It Bq Er ENAMETOOLONG
	-A component of a pathname exceeded 255 characters,
	-or an entire path name exceeded 1023 characters.
	-.It Bq Er ENOENT
	-The named directory does not exist.
	+The effective user ID is not the super-user and the
	+.Ql security.bsd.unprivileged_chroot
	+sysctl is 0.
	+.It Bq Er EPERM
	+The effective user ID is not the super-user and the
	+process has not enabled the
	+.Dv PROC_NO_NEW_PRIVS_CTL
	+.Xr procctl 2 .
	+.It Bq Er EPERM
	+One or more filedescriptors are open directories and the
	+.Ql kern.chroot_allow_open_directories
	+sysctl is not set to permit this.
	+.It Bq Er EIO
	+An I/O error occurred while reading from or writing to the file system.
	+.It Bq Er EINTEGRITY
	+Corrupted data was detected while reading from the file system.
	+.El
	+.Pp
	+The
	+.Fn chroot
	+system call
	+will fail and the root directory will be unchanged if:
	+.Bl -tag -width Er
	.It Bq Er EACCES
	Search permission is denied for any component of the path name.
	.It Bq Er ELOOP
	@@ -128,10 +149,13 @@
	.Fa dirname
	argument
	points outside the process's allocated address space.
	-.It Bq Er EIO
	-An I/O error occurred while reading from or writing to the file system.
	-.It Bq Er EINTEGRITY
	-Corrupted data was detected while reading from the file system.
	+.It Bq Er ENAMETOOLONG
	+A component of a pathname exceeded 255 characters,
	+or an entire path name exceeded 1023 characters.
	+.It Bq Er ENOENT
	+The named directory does not exist.
	+.It Bq Er ENOTDIR
	+A component of the path name is not a directory.
	.El
	.Pp
	The
	@@ -146,15 +170,8 @@
	The argument
	.Fa fd
	is not a valid file descriptor.
	-.It Bq Er EIO
	-An I/O error occurred while reading from or writing to the file system.
	-.It Bq Er EINTEGRITY
	-Corrupted data was detected while reading from the file system.
	.It Bq Er ENOTDIR
	The file descriptor does not reference a directory.
	-.It Bq Er EPERM
	-The effective user ID is not the super-user, or one or more
	-filedescriptors are open directories.
	.El
	.Sh SEE ALSO
	.Xr chdir 2 ,

File Metadata

Mime Type: text/plain
Expires: Sat, Jan 31, 9:32 PM (8 h, 23 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28192136
Default Alt Text: D51703.id159654.diff (3 KB)

D51703.id159654.diffNo OneTemporaryActions

D51703.id159654.diffView Options

File Metadata

Event Timeline

D51703.id159654.diff
No OneTemporary
Actions

D51703.id159654.diff
View Options