Digging through my old email archives I found this:
Ok, I learned something really cool today from Sun.
How can you tell if a process is chroot’d or not? ps gives you no clue, nor does the kmem.
Here is a neat trick to figure this out. You have to love those kernal hackers!!!
% ps -aef | egrep nscd
root 1022 1 0 09:21:20 ? 0:00 /bb/bin/nscd
% crash -d /dev/mem -n /dev/ksyms
dumpfile = /dev/mem, namelist = /dev/ksyms, outfile = stdout
> p #1022
PROC TABLE SIZE = 30000
SLOT ST PID PPID PGID SID UID PRI NAME FLAGS
47 s 1022 1 1022 1022 0 50 nscd load
> user 47
PER PROCESS USER AREA FOR PROCESS 47
PROCESS MISC:
command: nscd, psargs: /bb/bin/nscd
start: Thu Oct 24 09:21:20 2002
mem: 1fd, type: fork
vnode of current directory: 300041d98e8, vnode of root directory: 300041d98e8,
[rest of output deleted]
Run crash, then “p #pid”, then “user SLOT”
The fact that it lists “vnode of root directory” means it is chroot’d.
pretty cool 😉