Chroot jails

The chroot() system call can change the root for a given program.

Excellent way to prevent a program from accessing files outside the chrooted area.

Need to copy any necessary files into chroot area
/etc/resolv.conf
/dev/log
/lib/ libraries

Root can generally break out of a chroot jail.