Digging through my old email archives I found this:<\/p>\n
Ok, I learned something really cool today from Sun.
\nHow can you tell if a process is chroot’d or not? ps gives you no clue, nor does the kmem.
\nHere is a neat trick to figure this out.\u00a0 You have to love those kernal hackers!!!<\/p>\n
% ps -aef | egrep nscd
\nroot\u00a0 1022\u00a0\u00a0\u00a0\u00a0 1\u00a0 0 09:21:20 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0:00 \/bb\/bin\/nscd
\n% crash -d \/dev\/mem -n \/dev\/ksyms
\ndumpfile = \/dev\/mem, namelist = \/dev\/ksyms, outfile = stdout
\n> p #1022
\nPROC TABLE SIZE = 30000
\nSLOT ST\u00a0 PID\u00a0 PPID\u00a0 PGID\u00a0\u00a0 SID\u00a0\u00a0 UID PRI\u00a0\u00a0 NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FLAGS
\n47 s\u00a0 1022\u00a0\u00a0\u00a0\u00a0 1\u00a0 1022\u00a0 1022\u00a0\u00a0\u00a0\u00a0 0\u00a0 50 nscd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 load
\n> user 47
\nPER PROCESS USER AREA FOR PROCESS 47
\nPROCESS MISC:
\ncommand: nscd, psargs: \/bb\/bin\/nscd
\nstart: Thu Oct 24 09:21:20 2002
\nmem: 1fd, type: fork
\nvnode of current directory: 300041d98e8, vnode of root directory: 300041d98e8,
\n[rest of output deleted]<\/p>\n
Run crash, then “p #pid”, then “user SLOT”<\/p>\n
The fact that it lists “vnode of root directory” means it is chroot’d.<\/p>\n
pretty cool \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"
Digging through my old email archives I found this: Ok, I learned something really cool today from Sun. How can you tell if a process is chroot’d or not? ps gives you no clue, nor does the kmem. Here is a neat trick to figure this out.\u00a0 You have to love those kernal hackers!!! % […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6],"tags":[],"class_list":["post-575","post","type-post","status-publish","format-standard","hentry","category-muggle-tech"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=575"}],"version-history":[{"count":1,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/575\/revisions"}],"predecessor-version":[{"id":576,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/575\/revisions\/576"}],"wp:attachment":[{"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yourservice.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}