From: Willy Tarreau <w@1wt.eu>
Date: Wed, 20 May 2026 09:05:17 +0000 (+0200)
Subject: MINOR: startup: do not execute chroot() when "/"
X-Git-Tag: v3.4-dev13~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3c35e7f137092eb3be7da35e6291a60102b56bc0;p=thirdparty%2Fhaproxy.git

MINOR: startup: do not execute chroot() when "/"

We'll recommend to use "chroot /" to explicitly disable chroot, however
there might be configurations where it would cause problems to just issue
the syscall (typically some hardened containers), so let's make sure that
"chroot /" is a nop in this case.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 3a4318753..68ab5d5ee 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -3351,7 +3351,7 @@ static int do_chroot(const char *prog, const char *path)
 		DISGUISE(rmdir(tmpdir));
 		if (!error)
 			error = chroot(".");
-	} else {
+	} else if (strcmp(path, "/") != 0) {
 		error = chroot(path);
 	}
 	if (!error)