Assigning a different root location to regular services
A different root location, also known as a chroot, is an important feature of Linux systems meant to disallow direct access to file resources outside a specified directory location. The environment that is accessible from a chroot is called a jail or chroot jail. Applications in a chroot jail are launched with a different root, wherein only those files that are needed for the application to work are hosted.
Although it is commonly seen as a security feature, this was not the intention of a chroot. However, with the proper approach, chroots can enhance the secure setup of an application.
For instance, in case of a vulnerability, a successful exploit might only be able to access the files available ...
Get SELinux Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.