chroot: The Jail That Isn't Really a Jail

chroot — available on Unix since Version 7 in 1979 — changes a process’s idea of where the root directory is, trapping it in a subtree of the filesystem. It was designed for building and testing software in clean environments, not security. Security is the use case everyone immediately reached for anyway. A process inside a chroot jail can’t see files outside it, which sounds reassuring, until you learn that a process running as root can escape a chroot with about a dozen lines of C, that shared library mismatches regularly break chroot environments in creative ways, and that anything more serious than casual isolation really requires containers or jails. FreeBSD added proper jails in 1999 specifically because chroot wasn’t enough. Linux got namespaces and eventually Docker. chroot is still there, still technically works, and still routinely misapplied as a security measure by people who haven’t read the caveats.
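The root-escape caveat has a defensive counterpart: a chroot only holds if the process stops being root once it is inside. The C routine below is an added example written for this post (not code from any project mentioned here); it performs the steps in the order that matters and verifies the privilege drop stuck, and the directory /var/empty and uid/gid 65534 are assumed placeholders.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Outcome codes returned by confine_and_drop(); nonzero names the failed step. */
enum jail_status {
    JAIL_OK = 0,
    JAIL_ERR_BAD_TARGET, /* refused: target uid or gid is still 0 */
    JAIL_ERR_CHROOT,     /* chroot(2) failed; it requires root */
    JAIL_ERR_CHDIR,      /* chdir("/") into the new root failed */
    JAIL_ERR_SETGROUPS,  /* could not clear supplementary groups */
    JAIL_ERR_SETGID, JAIL_ERR_SETUID,
    JAIL_ERR_STILL_ROOT  /* privilege drop did not stick: root is still regainable */
};

/* Confine the caller to `dir`, then give up root for good. Order matters:
 * chdir("/") right after chroot so the cwd is not left outside the new root,
 * ids dropped last because chroot(2) itself needs root. A process that stays
 * root inside the jail is the case the article warns about, so uid/gid 0 is refused. */
enum jail_status confine_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return JAIL_ERR_BAD_TARGET;
    if (chroot(dir) != 0) return JAIL_ERR_CHROOT;
    if (chdir("/") != 0) return JAIL_ERR_CHDIR;
    if (setgroups(0, NULL) != 0) return JAIL_ERR_SETGROUPS; /* setgid() alone keeps these */
    if (setgid(gid) != 0) return JAIL_ERR_SETGID;
    if (setuid(uid) != 0) return JAIL_ERR_SETUID;
    /* The drop must be irreversible: an attempt to regain root has to fail now. */
    if (setuid(0) == 0 || geteuid() == 0) return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* Assumed placeholders: /var/empty as the jail, 65534 ("nobody") as the target. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    enum jail_status st = confine_and_drop(dir, 65534, 65534);
    if (st != JAIL_OK) {
        fprintf(stderr, "confinement failed at step %d\n", (int)st);
        return 1;
    }
    printf("confined to %s, now running as uid %u\n", dir, (unsigned)getuid());
    return 0;
}
```

Run as root with the jail directory as the argument; as an unprivileged user the chroot(2) step itself fails and the routine reports that step instead of carrying on as if confined.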