Thanks a lot. This painted a good picture regarding the caveats involved. -Alphonse <div class="gmail_quote">On Mon, Sep 12, 2011 at 7:14 AM, Daniel P. Berrange <<a href="mailto:berrange@redhat.com">berrange@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div></div><div class="h5">On Tue, Sep 06, 2011 at 01:02:14PM -0400, Alphonse Hansel Anthony wrote: > Hi, > What is the difference between chroot & pivot_root. > They don't seem obvious based on the man pages apart from the below > mentioned > caveats. > > 1) Inherited Open file descriptors, have to be explicitly closed. > 2) Does not change CWD of the process, which can be overcome by doing a > chdir before & after chroot call. > > Any information on this would be useful. </div></div>I assume you are asking wrt the libvirt LXC driver, which uses pivot_root instead of chroot() when setting up the guest. The primary reason for this is that chroot() is escapable, where as pivot_root() is not. <a href="https://s3hh.wordpress.com/2011/05/31/escaping-chroots/" target="_blank">https://s3hh.wordpress.com/2011/05/31/escaping-chroots/</a> Regards, Daniel -- |: <a href="http://berrange.com" target="_blank">http://berrange.com</a> -o- <a href="http://www.flickr.com/photos/dberrange/" target="_blank">http://www.flickr.com/photos/dberrange/</a> :| |: <a href="http://libvirt.org" target="_blank">http://libvirt.org</a> -o- <a href="http://virt-manager.org" target="_blank">http://virt-manager.org</a> :| |: <a href="http://autobuild.org" target="_blank">http://autobuild.org</a> -o- <a href="http://search.cpan.org/%7Edanberr/" target="_blank">http://search.cpan.org/~danberr/</a> :| |: <a href="http://entangle-photo.org" target="_blank">http://entangle-photo.org</a> -o- <a href="http://live.gnome.org/gtk-vnc" target="_blank">http://live.gnome.org/gtk-vnc</a> :| </blockquote></div>