On 08/01/2010 01:44 PM, JohnS wrote: > It *WILL* work It is called "Outside to In"&& mount -o bind will also. You previously described symlinking "out" to the root filesystem, which is impossible. Symlinks cannot resolve to files outside of a chroot environment. Hard links can. It is, however, possible to create a symlink in the primary root filesystem which points to a file inside a tree used for chroot, if that is what you mean by "outside to in". In that case, your previous post was simply unclear. > The difference depends on what is exactly the person needs. IE (which > way). It will also allow a "Jail Break" Out& In. So security goes out > the window. In effect Zero Day here we are. Symlinks do not allow you to break out of a chroot. In fact, chroot isn't a security mechanism. chroot will confine any non-root process, but any root process can escape a chroot simply by setting its cwd to the root directory and then calling chroot() to any directory. The process will then have a cwd outside its own root filesystem, and can access the filesystem outside of the path it was originally using as its chroot. The term "zero day" normally describes a software exploit which was not previously known. I don't believe it applies to anything you described.