can I use chroot() multiple times in one program

[Wu Zhou]

On Tue, Jan 12, 2010 at 9:20 PM, Américo Wang <xiyou.wangcong@gmail.com> wrote:
>>
>> Ah. Sound a little odd to me. AFAIK, chroot is a system call, which
>> append the named directory to the path resolution for this process and
>> its children. Maybe this directory is saved some place in the process
>> control block?
>
> True, you can find it in task_struct ->fs->root.
> But this doesn't mean you can go back.
>
>> Another chroot should be able to change this again and
>> the later code will use the new directory. Don't see why this is not
>> designed in such a way.
>>
>
> Well, suppose you have a program within the chroot jail which also
> does a chroot(), so with _your_ design it can jump out the jail!! With
> the correct design, it can't, never.

Good justification. But sometimes chroot might be used in non-security
purpose. Then re-change the root can be a useful option.

>> I have a large piece of legacy C code, working on a chrooted
>> environment. and we have a python script to replace one part of this C
>> code, which need to look at this chroot environment back in the
>> original root directory. And I am just lazy, don't want to use some
>> kind of IPC mechanism at this time. :-)
>>
>
> Not sure if you have Python environment within your chroot jail,
> and if your chroot directory is on the same file system with your
> python script, you can try to make a hard link to that python script.
>
There are too many dependence there. I tried using IPC to reach the
goal. Thanks for your pointers anyway.

Best,
Wu Zhou