Fossil

If you run Fossil as root in any mode that serves data on the network, and you're running it on Unix or a compatible OS, Fossil will drop itself into a chroot(2) jail shortly after starting up, once it's done everything that requires root access. Most commonly, you run Fossil as root to allow it to bind to TCP port 80 for HTTP service, since normal users are restricted to ports 1024 and up on OSes where this behavior occurs.

Fossil uses the owner of the Fossil repository file as its new user ID when dropping root privileges.

When this happens, Fossil needs to have all of its dependencies inside the chroot jail in order to continue work. There are several things you typically need in order to make things work properly:

• the repository file(s)

• /dev/null — create it with mknod(8) inside the jail directory (Linux example, OpenBSD example)

• /dev/urandom — ditto

• /proc — you might need to mount this virtual filesystem inside the jail on Linux systems that make use of Fossil’s server load shedding feature

• any shared libraries your fossil binary is linked to, unless you configured Fossil with --static to avoid it

Fossil does all of this in order to protect the host OS. You can make it bypass the jail part of this by passing --nojail to fossil server, but you cannot make it skip the dropping of root privileges, on purpose.