What chroot() is really for

Posted Oct 4, 2007 15:09 UTC (Thu) by ebiederm (subscriber, #35028)
In reply to: What chroot() is really for by pointwood
Parent article: What chroot() is really for

Look at the mount namespace in the kernel.

That can give the same effect as chroot but without being able to escape.

For even more strength one of the linux security modules like AppArmor or
Selinux can help.

For more support making an application look like it has the box to itself
the ongoing work on namespaces can help. Ultimately though while the
namespaces can help improve security just like chroot that isn't their
primary point.