Chroot Jail Not Secure for Sandboxing Python?

"Martin v. Löwis" martin at
Wed Jun 27 05:33:23 CEST 2007

> To launch a child process in a chroot you can easily just fork and
> then make the chroot syscall in the child process immediately after
> the fork.

It's not so easy. On Linux, you need to have the CAP_SYS_CHROOT
capability to invoke the syscall; on other systems, you may have
to be root.
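
The capability requirement described in the reply above can be checked before attempting the call. The following is an added example, not part of the original post: it reads the effective capability mask from `/proc/self/status` (Linux only), tests bit 18 (`CAP_SYS_CHROOT`), and forks a child that attempts the chroot and reports the resulting errno. The function names are hypothetical.

```python
import errno
import os

CAP_SYS_CHROOT = 18  # bit number defined in <linux/capability.h>

def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def has_cap_sys_chroot(status_text):
    """True if CAP_SYS_CHROOT is set in the effective set."""
    return bool((parse_cap_eff(status_text) >> CAP_SYS_CHROOT) & 1)

def try_chroot_in_child(new_root):
    """Fork and attempt chroot(new_root) in the child only.

    Returns 0 on success, the child's errno on failure, or -1 if the
    child did not exit normally. The parent's root is never changed.
    """
    pid = os.fork()
    if pid == 0:
        code = 0
        try:
            os.chroot(new_root)
            os.chdir("/")  # do not keep a working directory outside the new root
        except OSError as exc:
            code = exc.errno
        os._exit(code)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        capable = has_cap_sys_chroot(fh.read())
    rc = try_chroot_in_child("/")
    print("CAP_SYS_CHROOT effective:", capable)
    print("chroot in child:", "ok" if rc == 0 else errno.errorcode.get(rc, rc))
```

Run as an unprivileged user, the child's chroot fails with `EPERM`; a process that needs to sandbox children this way has to hold the capability at the moment of the call and should drop it afterwards.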


