Command line access for chroot command
Back to Index
Starting new application in chroot
WinArmor contains command-line tool chroot.exe which provides ability to start any application in jail environment. It allows allows the following commands:
chroot [-uid UID] [-type [-add-only|-remove-only|-no-wait]] [[-cow|-shared|-shared-readonly|-private] -map OldRoot NewRoot [...]] [command [args...]]
- oldroot is path to be mapped like c:\
- newroot is new place c:\realfolder\
- command is program like notepad.exe (cmd.exe by default)
- args are specific parameters to command (no args by default)
- -uid UID user name for which chroot will be limited, Anyone by default. Any standard names and groups are applicable.
- -add-only adds corresponding rules; no prograns will be spawned. It is useful to collect multiple default rules; the program name is required.
- -remove-only removes default rules; nothing will be spawned. The program name is required.
- -no-wait spawns program but not wait him cancellation; all added maps are kept as default.
- -cow Copy-On-Write map [default if no other qualifiers specified]; it indicates all required files will be copied from hosting platform on demand.
- -shared Shared map; this map will not be copied to chroot environment.
- -shared-readonly Shared map with blocking any attempts to modify or delete files.
- -private The corresponding map will not be copied even if any CoW maps will relate to this folder. The program name and newroot can be specified as astericks.
- -type The rule will be applied for all processes with the same name, rather specific application.
All paths in parameters needs to be inside newroot.
chroot -cow -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
This command starts CMD.EXE into d:\jails\cmd folder as drive C:, and hides drive D: for CMD.EXE completely
chroot -type -add-only -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
This command indicates WinArmor core all further startups of CMD.EXE will be applied like the previous example.
chroot -type -remove-only -map C:\* d:\jails\cmd\* -private -map d:\* CMD.exe
This command revokes previous example.