Alphonse Hansel Anthony
2011-Sep-06 17:02 UTC
[libvirt-users] Reg: Difference between chroot & pivot_root
Hi,

What is the difference between chroot & pivot_root?
They don't seem obvious based on the man pages apart from the below mentioned caveats.

1) Inherited open file descriptors have to be explicitly closed.
2) Does not change CWD of the process, which can be overcome by doing a chdir before & after chroot call.

Any information on this would be useful.

Thanks,
Alphonse
Daniel P. Berrange
2011-Sep-12 11:14 UTC
[libvirt-users] Reg: Difference between chroot & pivot_root
On Tue, Sep 06, 2011 at 01:02:14PM -0400, Alphonse Hansel Anthony wrote:
> Hi,
> What is the difference between chroot & pivot_root.
> They don't seem obvious based on the man pages apart from the below
> mentioned caveats.
>
> 1) Inherited Open file descriptors, have to be explicitly closed.
> 2) Does not change CWD of the process, which can be overcome by doing a
> chdir before & after chroot call.
>
> Any information on this would be useful.

I assume you are asking wrt the libvirt LXC driver, which uses pivot_root instead of chroot() when setting up the guest. The primary reason for this is that chroot() is escapable, whereas pivot_root() is not.

https://s3hh.wordpress.com/2011/05/31/escaping-chroots/

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
Guido Winkelmann
2011-Sep-13 13:05 UTC
[libvirt-users] Reg: Difference between chroot & pivot_root
On Tuesday, 6 September 2011, 19:02:14, Alphonse Hansel Anthony wrote:
> Hi,
> What is the difference between chroot & pivot_root.

As far as I know, chroot changes only the effective root for one newly started process and all the child processes it will start in the future, leaving all other processes unaffected, while pivot_root changes the root for the entire system, killing all other processes.

The last time I saw pivot_root in practical use, it was as part of some multi-staged boot-over-nfs process.

Guido
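
Added example, not part of the original thread and not libvirt code: chroot() changes only a process's root directory and leaves the host mount table attached, while pivot_root() replaces the root mount of the mount namespace, and that difference shows up in /proc/<pid>/mountinfo and the ns/mnt link. The Python below classifies a process from those two inputs. The function names, labels and sample data are constructed for illustration, and the result is a heuristic: a chroot onto a bind mount inside a private namespace reads the same as a pivot_root setup.

```python
import os
import re

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def root_mount(mountinfo_text):
    """Return (mount_id, fs_root, fstype) of the topmost mount at "/", or None."""
    found = None
    for line in mountinfo_text.splitlines():
        left, sep, right = line.partition(" - ")
        fields = left.split()
        if not sep or len(fields) < 6 or not right.split():
            continue  # skip malformed lines
        # fields: 0=mount ID, 1=parent ID, 2=major:minor, 3=root in fs, 4=mount point
        if _unescape(fields[4]) == "/":
            found = (fields[0], _unescape(fields[3]), right.split()[0])
    return found

def classify(target_info, target_ns, init_info, init_ns):
    """Describe a process's root from mountinfo text and its ns/mnt link."""
    tgt, host = root_mount(target_info), root_mount(init_info)
    shared = target_ns == init_ns
    if tgt is None:
        # The kernel lists only mounts below the process root. No "/" entry
        # means the root is a plain directory, which pivot_root() rejects.
        return "chroot, host mounts shared" if shared else "chroot in private mount namespace"
    if shared:
        return "host root" if host and tgt[0] == host[0] else "chroot onto a mount point"
    return "private mount namespace with own root mount"

def inspect(pid):
    """Classify a live process against PID 1 (needs permission to read /proc/<pid>)."""
    def read(path):
        with open(path) as fh:
            return fh.read()
    return classify(read(f"/proc/{pid}/mountinfo"), os.readlink(f"/proc/{pid}/ns/mnt"),
                    read("/proc/1/mountinfo"), os.readlink("/proc/1/ns/mnt"))

# Constructed samples (not captured from a real system).
HOST_NS, GUEST_NS = "mnt:[4026531840]", "mnt:[4026532201]"
HOST = "22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw\n" \
       "23 22 0:21 / /proc rw,nosuid shared:12 - proc proc rw\n"
JAILED = "41 22 0:21 / /proc rw,nosuid shared:12 - proc proc rw\n"  # chroot /srv/jail
GUEST = "310 298 0:45 / / rw,relatime - overlay overlay rw\n" \
        "311 310 0:46 / /proc rw,nosuid - proc proc rw\n"
```

On a live host, inspect(pid) applies the same classification to a running process; a "chroot, host mounts shared" result marks a sandbox that still shares the host mount table.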