From 61c4a6f317bf9b6a3cc8c42931601f296ad395c7 Mon Sep 17 00:00:00 2001
From: Warner Losh
Date: Tue, 29 Sep 2020 18:13:54 +0000
Subject: Updates to chroot(2) docs 1. Note what settings give historic behavior 2. Recommend jail under security considerations.
---
 lib/libc/sys/chroot.2 | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'lib/libc')
diff --git a/lib/libc/sys/chroot.2 b/lib/libc/sys/chroot.2
index e72ae172951b5..69ee3743d9d31 100644
--- a/lib/libc/sys/chroot.2
+++ b/lib/libc/sys/chroot.2
@@ -28,7 +28,7 @@
 .\" @(#)chroot.2 8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd June 26, 2020
+.Dd September 29, 2020
 .Dt CHROOT 2
 .Os
 .Sh NAME
@@ -91,7 +91,10 @@ system call.
 .Pp
 Any other value for
 .Ql kern.chroot_allow_open_directories
-will bypass the check for open directories
+will bypass the check for open directories,
+mimicking the historic insecure behavior of
+.Fn chroot
+still present on other systems.
 .Sh RETURN VALUES
 .Rv -std
 .Sh ERRORS
@@ -156,3 +159,7 @@ root, for instance, setup the sandbox so that the sandboxed user will have no write access to any well-known system directories.
+.Pp
+For complete isolation from the rest of the system, use
+.Xr jail 2
+instead.
-- 
cgit v1.2.3