Closed Kodmod closed 3 years ago
The chroot operation (set with -t) is done once all the required file descriptors (mostly network sockets) are opened. Switching root to an empty directory is meant to reduce the amount of bad things that can happen if the process somehow is tricked into running malicious code. The -u flag to switch user works the same and for the same reason, to avoid having root permissions which are no longer needed.
Yea, I thought it was a sandboxing feature. So, should I bootstrap the directory or is it ok to just leave it completely empty?
Using an empty directory is best.
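The ordering described in the reply above (open descriptors first, then chroot into an empty directory, then give up root), as an added example that is not the project's own code. The names `enter_sandbox` and `demo`, the `/tmp` directory template and uid/gid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to empty_dir, then drop
 * to uid/gid. Returns 0 on success, -1 with errno set on failure. */
int enter_sandbox(const char *empty_dir, uid_t uid, gid_t gid)
{
    if (chroot(empty_dir) != 0) return -1;  /* needs root (CAP_SYS_CHROOT) */
    if (chdir("/") != 0) return -1;         /* keep no cwd outside the new root */
    if (setgroups(0, NULL) != 0) return -1; /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group first: needs root too */
    if (setuid(uid) != 0) return -1;        /* last privileged step */
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* root must be gone */
    return 0;
}

/* Constructed demo. Returns 0 when sandboxed and verified, 1 when the caller
 * is not allowed to sandbox (not root), 2 when a check fails. */
int demo(void)
{
    char dir[] = "/tmp/emptyroot.XXXXXX";   /* assumed location */
    if (mkdtemp(dir) == NULL) return 2;     /* fresh, empty directory */

    /* Stands in for the sockets a daemon opens before it calls chroot. */
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0) { rmdir(dir); return 2; }

    if (enter_sandbox(dir, 65534, 65534) != 0) {
        int saved = errno;
        rmdir(dir);                         /* best-effort cleanup */
        return saved == EPERM ? 1 : 2;
    }
    /* A descriptor opened before the chroot keeps working... */
    if (write(fd, "x", 1) != 1) return 2;
    /* ...but the same path no longer resolves inside the empty root. */
    if (open("/dev/null", O_WRONLY) >= 0) return 2;
    /* And the process no longer holds root. */
    if (getuid() == 0 || geteuid() == 0) return 2;
    return 0;
}
```

Run as root, `demo()` shows why nothing has to be bootstrapped into the directory: everything the process needs was opened before the root changed.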
Can you elaborate on the '-t' option? What is it for and why does it work even on an empty directory (non-bootstrapped)?
Thanks