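/*
 * Chroot example
 *
 * Assuming you've set up a directory /var/convict with all the required
 * libraries, etc., you can run the program /var/convict/prog chrooted in
 * /var/convict, as user 'convict', as follows.
 *
 * bail() is not defined on this page; it is assumed to report the failing
 * call and terminate the process -- confirm against its definition.
 */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

#define CONVICT    "convict"
#define CHROOT_DIR "/var/convict"
#define PROG       "prog"   /* prog is installed in CHROOT_DIR */

/*
 * Confine the process to CHROOT_DIR, drop from root to the CONVICT account,
 * then replace the process image with PROG.
 *
 * Must be started with enough privilege to call chroot() and to change
 * group and user ids. Only returns if bail() returns.
 */
int main(void)
{
    /*
     * Resolve the account before chroot(): afterwards the user database
     * would be looked up inside the jail rather than on the host.
     */
    struct passwd *pw = getpwnam(CONVICT);
    if (!pw)
        bail("getpwnam");

    /* Copy the ids out of the buffer getpwnam() owns before going further. */
    const uid_t uid = pw->pw_uid;
    const gid_t gid = pw->pw_gid;

    /*
     * chroot() does not move the working directory, so enter the jail
     * first; otherwise the cwd would still refer to a directory outside it.
     */
    if (chdir(CHROOT_DIR) < 0)
        bail("chdir");
    if (chroot(CHROOT_DIR) < 0)
        bail("chroot");

    /*
     * Replace the supplementary group list inherited from the invoking
     * (root) process. setgid()/setuid() leave that list untouched, so
     * without this call PROG would keep root's group memberships.
     * This has to happen while the process is still privileged.
     */
    if (setgroups(1, &gid) < 0)
        bail("setgroups");

    /* Group before user: after setuid() the process may no longer change gid. */
    if (setgid(gid) < 0)
        bail("setgid");
    if (setuid(uid) < 0)
        bail("setuid");

    /*
     * PROG is a relative path, resolved against the cwd, which is now the
     * jail root. The terminating null pointer of a variadic call must be
     * passed as a pointer type.
     */
    execl(PROG, PROG, (char *)NULL);

    /* execl() only returns on failure. */
    bail("execl");
    return 1;   /* reached only if bail() returns */
}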