WinQuota home
WinArmor 1.0
Key features (full list)
Spawn specific applications with sandbox
Manage profiles for every application and service
Automated templates
Sandbox' own system drive
Sandbox' own registry (both system and user settings)
Sandbox' own other drives (optionally)
Shared drives (CD-ROM, network drives, USB storage devices, particular hard drive partitions or folders) (optionally)
Shared TCP/IP services, named pipes and ither IPC services
Copy on demand feature
Support Windows 2000 - Windows 2008 (and Windows Vista)
WinArmor download Buy WinArmor now
  • 1 year support of all present features
  • free updates and bug fixes
  • no limitations by processor
  • WinArmor download Download trial (2,2 MB)
  • $0
  • limited support
  • limited functionality when trial period expires
  • Command line access for chroot command

    Back to Index

    Starting new application in chroot

    WinArmor contains command-line tool chroot.exe which provides ability to start any application in jail environment. It allows allows the following commands:

    chroot [-uid UID] [-type [-add-only|-remove-only|-no-wait]] [[-cow|-shared|-shared-readonly|-private] -map OldRoot NewRoot [...]] [command [args...]]


    • oldroot is path to be mapped like c:\
    • newroot is new place c:\realfolder\
    • command is program like notepad.exe (cmd.exe by default)
    • args are specific parameters to command (no args by default)


    • -uid UID user name for which chroot will be limited, Anyone by default. Any standard names and groups are applicable.
    • -add-only adds corresponding rules; no prograns will be spawned. It is useful to collect multiple default rules; the program name is required.
    • -remove-only removes default rules; nothing will be spawned. The program name is required.
    • -no-wait spawns program but not wait him cancellation; all added maps are kept as default.
    • -cow Copy-On-Write map [default if no other qualifiers specified]; it indicates all required files will be copied from hosting platform on demand.
    • -shared Shared map; this map will not be copied to chroot environment.
    • -shared-readonly Shared map with blocking any attempts to modify or delete files.
    • -private The corresponding map will not be copied even if any CoW maps will relate to this folder. The program name and newroot can be specified as astericks.
    • -type The rule will be applied for all processes with the same name, rather specific application.

    All paths in parameters needs to be inside newroot.


    chroot -cow -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
    This command starts CMD.EXE into d:\jails\cmd folder as drive C:, and hides drive D: for CMD.EXE completely

    chroot -type -add-only -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
    This command indicates WinArmor core all further startups of CMD.EXE will be applied like the previous example.

    chroot -type -remove-only -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
    This command revokes previous example.

    Home - Technologies - WinQuota - WinArmor - WinJail - Site Map - Services - Support
        Copyright © WinQuota LLC, 2004-2009. All Rights Reserved.