From 3c35e7f137092eb3be7da35e6291a60102b56bc0 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 20 May 2026 11:05:17 +0200
Subject: [PATCH] MINOR: startup: do not execute chroot() when "/"

We'll recommend to use "chroot /" to explicitly disable chroot, however
there might be configurations where it would cause problems to just issue
the syscall (typically some hardened containers), so let's make sure that
"chroot /" is a nop in this case.
---
 src/haproxy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index 3a4318753..68ab5d5ee 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -3351,7 +3351,7 @@ static int do_chroot(const char *prog, const char *path)
 		DISGUISE(rmdir(tmpdir));
 		if (!error)
 			error = chroot(".");
-	} else {
+	} else if (strcmp(path, "/") != 0) {
 		error = chroot(path);
 	}
 	if (!error)