plash-chroot — chroot program, for use under Plash


plash-chroot root-dir command [arguments...]


Runs the command with the root directory set to root-dir.

This program is a version of chroot which works under Plash. Unlike the normal chroot, use of plash-chroot isn't restricted to the superuser.

exec-object(1) may be more useful.


Normally, use of chroot is restricted to root under Unix, because it's dangerous in the presence of setuid executables. (You can hard link a setuid executable into your chroot directory and replace the libraries it uses with your own code.) But Plash doesn't provide setuid executables, so it's safe. Plash provides executable objects as a replacement for setuid.

How it works: The program asks the server to return a reference to the directory that it wants to chroot into. Then it creates a new fs_op object (which resides in the server process) for handling filesystem requests, using that directory as the root. It replaces its existing fs_op object with the new one, and then it execve()s the given command.

See also

plash, exec-object, chroot



Mark Seaborn <>