[thirdparty/man-pages.git] / man5 / proc_pid_root.5

.\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com>
.\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org>
.\"
.\" SPDX-License-Identifier: GPL-3.0-or-later
.\"
.TH proc_pid_root 5 (date) "Linux man-pages (unreleased)"
.SH NAME
/proc/pid/root/ \- symbolic link to root directory
.SH DESCRIPTION
.TP
.IR /proc/ pid /root/
UNIX and Linux support the idea of a per-process root of the
filesystem, set by the
.BR chroot (2)
system call.
This file is a symbolic link that points to the process's
root directory, and behaves in the same way as
.IR exe ,
and
.IR fd/* .
.IP
Note however that this file is not merely a symbolic link.
It provides the same view of the filesystem (including namespaces and the
set of per-process mounts) as the process itself.
An example illustrates this point.
In one terminal, we start a shell in new user and mount namespaces,
and in that shell we create some new mounts:
.IP
.in +4n
.EX
$ \fBPS1=\[aq]sh1# \[aq] unshare \-Urnm\fP
sh1# \fBmount \-t tmpfs tmpfs /etc\fP  # Mount empty tmpfs at /etc
sh1# \fBmount \-\-bind /usr /dev\fP     # Mount /usr at /dev
sh1# \fBecho $$\fP
27123
.EE
.in
.IP
In a second terminal window, in the initial mount namespace,
we look at the contents of the corresponding mounts in
the initial and new namespaces:
.IP
.in +4n
.EX
$ \fBPS1=\[aq]sh2# \[aq] sudo sh\fP
sh2# \fBls /etc | wc \-l\fP                  # In initial NS
309
sh2# \fBls /proc/27123/root/etc | wc \-l\fP  # /etc in other NS
0                                     # The empty tmpfs dir
sh2# \fBls /dev | wc \-l\fP                  # In initial NS
205
sh2# \fBls /proc/27123/root/dev | wc \-l\fP  # /dev in other NS
11                                    # Actually bind
                                      # mounted to /usr
sh2# \fBls /usr | wc \-l\fP                  # /usr in initial NS
11
.EE
.in
.IP
.\" The following was still true as at kernel 2.6.13
In a multithreaded process, the contents of the
.IR /proc/ pid /root
symbolic link are not available if the main thread has already terminated
(typically by calling
.BR pthread_exit (3)).
.IP
Permission to dereference or read
.RB ( readlink (2))
this symbolic link is governed by a ptrace access mode
.B PTRACE_MODE_READ_FSCREDS
check; see
.BR ptrace (2).
.SH SEE ALSO
.BR proc (5)
Commit	Line	Data
ee5ec1d2 AC	1	.\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com>
	2	.\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com>
	3	.\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org>
	4	.\"
	5	.\" SPDX-License-Identifier: GPL-3.0-or-later
	6	.\"
	7	.TH proc_pid_root 5 (date) "Linux man-pages (unreleased)"
	8	.SH NAME
	9	/proc/pid/root/ \- symbolic link to root directory
	10	.SH DESCRIPTION
	11	.TP
	12	.IR /proc/ pid /root/
	13	UNIX and Linux support the idea of a per-process root of the
	14	filesystem, set by the
	15	.BR chroot (2)
	16	system call.
	17	This file is a symbolic link that points to the process's
	18	root directory, and behaves in the same way as
	19	.IR exe ,
	20	and
	21	.IR fd/* .
	22	.IP
	23	Note however that this file is not merely a symbolic link.
	24	It provides the same view of the filesystem (including namespaces and the
	25	set of per-process mounts) as the process itself.
	26	An example illustrates this point.
	27	In one terminal, we start a shell in new user and mount namespaces,
	28	and in that shell we create some new mounts:
	29	.IP
	30	.in +4n
	31	.EX
	32	$ \fBPS1=\[aq]sh1# \[aq] unshare \-Urnm\fP
	33	sh1# \fBmount \-t tmpfs tmpfs /etc\fP # Mount empty tmpfs at /etc
	34	sh1# \fBmount \-\-bind /usr /dev\fP # Mount /usr at /dev
	35	sh1# \fBecho $$\fP
	36	27123
	37	.EE
	38	.in
	39	.IP
	40	In a second terminal window, in the initial mount namespace,
	41	we look at the contents of the corresponding mounts in
	42	the initial and new namespaces:
	43	.IP
	44	.in +4n
	45	.EX
	46	$ \fBPS1=\[aq]sh2# \[aq] sudo sh\fP
	47	sh2# \fBls /etc \| wc \-l\fP # In initial NS
	48	309
	49	sh2# \fBls /proc/27123/root/etc \| wc \-l\fP # /etc in other NS
	50	0 # The empty tmpfs dir
	51	sh2# \fBls /dev \| wc \-l\fP # In initial NS
	52	205
	53	sh2# \fBls /proc/27123/root/dev \| wc \-l\fP # /dev in other NS
	54	11 # Actually bind
	55	# mounted to /usr
	56	sh2# \fBls /usr \| wc \-l\fP # /usr in initial NS
	57	11
	58	.EE
	59	.in
	60	.IP
	61	.\" The following was still true as at kernel 2.6.13
	62	In a multithreaded process, the contents of the
	63	.IR /proc/ pid /root
	64	symbolic link are not available if the main thread has already terminated
65	(typically by calling
66	.BR pthread_exit (3)).
67	.IP
68	Permission to dereference or read
69	.RB ( readlink (2))
70	this symbolic link is governed by a ptrace access mode
71	.B PTRACE_MODE_READ_FSCREDS
72	check; see
73	.BR ptrace (2).
74	.SH SEE ALSO
75	.BR proc (5)