git: 938fbab6f52a - stable/14 - chroot.2: Update errors and unprivileged use

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ed Maste <emaste_at_FreeBSD.org>
Date: Wed, 03 Sep 2025 13:56:07 UTC
The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=938fbab6f52aae1872202411a976fcfb6797a2c9

commit 938fbab6f52aae1872202411a976fcfb6797a2c9
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-08-02 17:17:40 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-09-03 13:55:53 +0000

    chroot.2: Update errors and unprivileged use
    
    Include errors common to chroot and fchroot in a single list, followed
    by errors unique to each.
    
    Unprivileged chroot is permitted if the security.bsd.unprivileged_chroot
    sysctl is set to 1.  Make note of this and update the EPERM description.
    
    Reported by:    kevans
    Reviewed by:    kevans, kib
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D51703
    
    (cherry picked from commit 95f8c3e1ed0c3075411444381a5a4baef4ed8fda)
---
 lib/libc/sys/chroot.2 | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/lib/libc/sys/chroot.2 b/lib/libc/sys/chroot.2
index af37a58794b8..cf17b9ab577c 100644
--- a/lib/libc/sys/chroot.2
+++ b/lib/libc/sys/chroot.2
@@ -25,9 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)chroot.2	8.1 (Berkeley) 6/4/93
-.\"
-.Dd September 29, 2020
+.Dd August 2, 2025
 .Dt CHROOT 2
 .Os
 .Sh NAME
@@ -60,7 +58,12 @@ It should be noted that
 .Fn chroot
 has no effect on the process's current directory.
 .Pp
-This call is restricted to the super-user.
+This call is restricted to the super-user, unless the
+.Ql security.bsd.unprivileged_chroot
+sysctl variable is set to 1
+and the process has enabled the
+.Dv PROC_NO_NEW_PRIVS_CTL
+.Xr procctl 2 .
 .Pp
 Depending on the setting of the
 .Ql kern.chroot_allow_open_directories
@@ -99,14 +102,37 @@ still present on other systems.
 .Sh ERRORS
 The
 .Fn chroot
+and
+.Fn fchroot
+system calls
+will fail and the root directory will be unchanged if:
+.Bl -tag -width Er
+.It Bq Er EPERM
+The effective user ID is not the super-user and the
+.Ql security.bsd.unprivileged_chroot
+sysctl is 0.
+.It Bq Er EPERM
+The effective user ID is not the super-user and the
+process has not enabled the
+.Dv PROC_NO_NEW_PRIVS_CTL
+.Xr procctl 2 .
+.It Bq Er EPERM
+One or more filedescriptors are open directories and the
+.Ql kern.chroot_allow_open_directories
+sysctl is not set to permit this.
+.It Bq Er EIO
+An I/O error occurred while reading from or writing to the file system.
+.It Bq Er EINTEGRITY
+Corrupted data was detected while reading from the file system.
+.El
+.Pp
+The
+.Fn chroot
 system call
 will fail and the root directory will be unchanged if:
 .Bl -tag -width Er
 .It Bq Er ENOTDIR
 A component of the path name is not a directory.
-.It Bq Er EPERM
-The effective user ID is not the super-user, or one or more
-filedescriptors are open directories.
 .It Bq Er ENAMETOOLONG
 A component of a pathname exceeded 255 characters,
 or an entire path name exceeded 1023 characters.
@@ -121,10 +147,6 @@ The
 .Fa dirname
 argument
 points outside the process's allocated address space.
-.It Bq Er EIO
-An I/O error occurred while reading from or writing to the file system.
-.It Bq Er EINTEGRITY
-Corrupted data was detected while reading from the file system.
 .El
 .Sh SEE ALSO
 .Xr chdir 2 ,