K 10
svn:author
V 3
phk
K 8
svn:date
V 27
1999-03-23T14:26:40.000000Z
K 7
svn:log
V 502
Add a sysctl variable which can help stop chroot(2) escapes.

kern.chroot_allow_open_directories = 0
	chroot(2) fails if there are open directories.

kern.chroot_allow_open_directories = 1 (default)
	chroot(2) fails if there are open directories and the process
	is subject of a previous chroot(2).

kern.chroot_allow_open_directories = anything else
	filedescriptors are not checked.  (old behaviour).

I'm very interested in reports about software which breaks when
running with the default setting.

END