Commit | Line | Data |
---|---|---|
ee5ec1d2 AC | 1 | .\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com> |
2 | .\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com> | |
3 | .\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org> | |
4 | .\" | |
5 | .\" SPDX-License-Identifier: GPL-3.0-or-later | |
6 | .\" | |
7 | .TH proc_pid_root 5 (date) "Linux man-pages (unreleased)" | |
8 | .SH NAME | |
9 | /proc/pid/root/ \- symbolic link to root directory | |
10 | .SH DESCRIPTION | |
11 | .TP | |
12 | .IR /proc/ pid /root/ | |
13 | UNIX and Linux support the idea of a per-process root of the | |
14 | filesystem, set by the | |
15 | .BR chroot (2) | |
16 | system call. | |
17 | This file is a symbolic link that points to the process's | |
18 | root directory, and behaves in the same way as | |
19 | .IR exe , | |
20 | and | |
21 | .IR fd/* . | |
22 | .IP | |
23 | Note however that this file is not merely a symbolic link. | |
24 | It provides the same view of the filesystem (including namespaces and the | |
25 | set of per-process mounts) as the process itself. | |
26 | An example illustrates this point. | |
27 | In one terminal, we start a shell in new user and mount namespaces, | |
28 | and in that shell we create some new mounts: | |
29 | .IP | |
30 | .in +4n | |
31 | .EX | |
32 | $ \fBPS1=\[aq]sh1# \[aq] unshare \-Urnm\fP | |
33 | sh1# \fBmount \-t tmpfs tmpfs /etc\fP # Mount empty tmpfs at /etc | |
34 | sh1# \fBmount \-\-bind /usr /dev\fP # Mount /usr at /dev | |
35 | sh1# \fBecho $$\fP | |
36 | 27123 | |
37 | .EE | |
38 | .in | |
39 | .IP | |
40 | In a second terminal window, in the initial mount namespace, | |
41 | we look at the contents of the corresponding mounts in | |
42 | the initial and new namespaces: | |
43 | .IP | |
44 | .in +4n | |
45 | .EX | |
46 | $ \fBPS1=\[aq]sh2# \[aq] sudo sh\fP | |
47 | sh2# \fBls /etc | wc \-l\fP # In initial NS | |
48 | 309 | |
49 | sh2# \fBls /proc/27123/root/etc | wc \-l\fP # /etc in other NS | |
50 | 0 # The empty tmpfs dir | |
51 | sh2# \fBls /dev | wc \-l\fP # In initial NS | |
52 | 205 | |
53 | sh2# \fBls /proc/27123/root/dev | wc \-l\fP # /dev in other NS | |
54 | 11 # Actually bind | |
55 | # mounted to /usr | |
56 | sh2# \fBls /usr | wc \-l\fP # /usr in initial NS | |
57 | 11 | |
58 | .EE | |
59 | .in | |
60 | .IP | |
61 | .\" The following was still true as at kernel 2.6.13 | |
62 | In a multithreaded process, the contents of the | |
63 | .IR /proc/ pid /root | |
64 | symbolic link are not available if the main thread has already terminated | |
65 | (typically by calling | |
66 | .BR pthread_exit (3)). | |
67 | .IP | |
68 | Permission to dereference or read | |
69 | .RB ( readlink (2)) | |
70 | this symbolic link is governed by a ptrace access mode | |
71 | .B PTRACE_MODE_READ_FSCREDS | |
72 | check; see | |
73 | .BR ptrace (2). | |
74 | .SH SEE ALSO | |
75 | .BR proc (5) |
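
The behaviour described in the DESCRIPTION above, as an added Python example that is not part of the man-pages source: it resolves a path through /proc/pid/root and compares the listing with the caller's own view, which is what the two-terminal session does by hand. The function names, the status strings, and the `proc` and `ref` parameters are assumptions made for this example.

```python
import os

def root_view(pid, path="/", proc="/proc"):
    """Report how `path` looks when resolved through <proc>/<pid>/root."""
    base = os.path.join(proc, str(pid))
    view = {"pid": str(pid), "status": "ok", "root": None,
            "mnt_ns": None, "entries": None}
    try:
        # readlink(2) on the link is subject to the ptrace access mode check.
        view["root"] = os.readlink(os.path.join(base, "root"))
        view["mnt_ns"] = os.readlink(os.path.join(base, "ns", "mnt"))
    except PermissionError:
        view["status"] = "denied"
        return view
    except (FileNotFoundError, ProcessLookupError):
        # Process gone, or link contents not available (main thread exited).
        view["status"] = "unavailable"
        return view
    try:
        # Resolving *through* the link uses the target's own mounts, so this
        # lists the directory as the target process sees it, even when the
        # link text itself reads "/".
        target = os.path.join(base, "root", path.lstrip("/"))
        view["entries"] = sorted(os.listdir(target))
    except PermissionError:
        view["status"] = "denied"
    except (FileNotFoundError, NotADirectoryError):
        view["status"] = "no-such-dir"
    return view


def compare_views(pid, path="/", proc="/proc", ref="self"):
    """Compare `path` as seen by `pid` with the view of `ref` (the caller)."""
    mine, theirs = root_view(ref, path, proc), root_view(pid, path, proc)
    usable = mine["entries"] is not None and theirs["entries"] is not None
    return {
        "status": theirs["status"],
        "same_mnt_ns": usable and mine["mnt_ns"] == theirs["mnt_ns"],
        "same_listing": usable and mine["entries"] == theirs["entries"],
        "counts": (len(mine["entries"]), len(theirs["entries"])) if usable else None,
    }


if __name__ == "__main__":
    import sys
    print(compare_views(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "/etc"))
```

Run against the shell from the first terminal (PID 27123 in the session above), the `counts` pair corresponds to the `ls /etc | wc -l` and `ls /proc/27123/root/etc | wc -l` results.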