# Apache 2.2.x native chroot support

## Liphtier

Hello!

I have apache 2.0.x in a chroot environment

There's a /home/apache manually  crafted jail - all files needed for Apache itself, then for PHP, Perl, mysql.socket and other  stuff are there. Also apache, ssl configs and logs are there.

Pros - secure, mobile - I can put all stuff on a diskonkey and within minutes have it running on another host

Cons - if I need to update any soft inside the jail  I have to do it manually again and again.

Now there is a new feature in apache 2.2.x , first by mod_chroot and starting from v. 2.2.10, - buildin chroot functionality

I couldn't find any valuable information on the new concept, and I think I'm missing it

I have few questions and problems related to these questions.

First I don't understand  what should be and what should not be now inside the jail. 

It looks like the ChrootDir directive can  chroot only  to DocumentRoot directory: When  specified DocumentRoot is  inside the ChrootDir then the "DocumentRoot must be a directory" error occures

So if I can not put, for example, isolated mod_php into the jail, than apache will run  PHP scripts with mod_php having system wide access, so what is the point of chrooting here ?

I'm definitely missing something, but what ?

----------

## mimosinnet

 *Liphtier wrote:*   

> I have apache 2.0.x in a chroot environment

 

Liphtier, I have across the same question. After last system upgrade, I had lots of issues with the production server, and a chroot environment looks like an excellent solution, specially in case I have to run the system on another host.

Exploring on this issue, I have found one HowTo that uses app-misc/jail, the manual chroot and mod_chroot. 

I was wondering if you have tried mod_chroot, and which option are you using now. 

Thanks very much for your attention!

----------

