- <term>--chroot</term>
- <listitem>
- <para>
- Before changing to the user ID given in the --user option, chroot to
- that user's home directory, i.e. make the kernel pretend to the
- <command>Privoxy</command> process that the directory tree starts
- there. If set up carefully, this can limit the impact of possible
- vulnerabilities in <command>Privoxy</command> to the files contained in
- that hierarchy.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>--pre-chroot-nslookup <replaceable class="parameter">hostname</replaceable></term>
- <listitem>
- <para>
- Initialize the resolver library using <replaceable class="parameter">hostname</replaceable>
- before chroot'ing. On some systems this reduces the number of files
- that must be copied into the chroot tree.
- </para>
- </listitem>