document updated 15 years ago, on Dec 18, 2009
- The Wikipedia page for 'chroot' notes that "Only the root user can perform a chroot. ... It prevents chroot from being used as an unprivileged sandboxing mechanism (for example, for users to run and test untrusted applications downloaded from the Internet)."
(unfortunately, that's exactly what I had in mind for it)
- I've used LD_PRELOAD in the past to accomplish this to a small extent. It does mostly work, but isn't portable AT ALL.
- it's also not bullet-proof, since it can't work across the SU barrier