From 62015883ed2dd2e635f4147d2eb4c7a574984328 Mon Sep 17 00:00:00 2001 From: Jay Oster Date: Fri, 5 Aug 2016 15:59:06 -0700 Subject: [PATCH] Add documentation for chroot_env client configuration --- website/source/docs/agent/config.html.md | 28 ++++++++++++++++++++++++ website/source/docs/drivers/exec.html.md | 5 ++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/website/source/docs/agent/config.html.md b/website/source/docs/agent/config.html.md index 371c1137d..c28fe1b89 100644 --- a/website/source/docs/agent/config.html.md +++ b/website/source/docs/agent/config.html.md @@ -421,6 +421,9 @@ configured on server nodes. * `options`: This is a key/value mapping of internal configuration for clients, such as for driver configuration. Please see [here](#options_map) for a description of available options. + * `chroot_env`: This is a key/value mapping that + defines the chroot environment for jobs using the Exec and Java drivers. + Please see [here](#chroot_env_map) for an example and further information. * `network_interface`: This is a string to force network fingerprinting to use a specific network interface * `network_speed`: This is an int that sets the 
@@ -496,6 +499,31 @@ documentation [here](/docs/drivers/index.html) If specified, fingerprinters not in the whitelist will be disabled. If the whitelist is empty, all fingerprinters are used. +### Client ChrootEnv Map + +Drivers based on [Isolated Fork/Exec](/docs/drivers/exec.html) implement file +system isolation using chroot on Linux. The `chroot_env` map allows the chroot +environment to be configured using source paths on the host operating system. +The mapping format is: `source_path -> dest_path`. + +The following example specifies a chroot which contains just enough to run the +`ls` utility, and not much else: + +``` +chroot_env { + "/bin/ls" = "/bin/ls" + "/etc/ld.so.cache" = "/etc/ld.so.cache" + "/etc/ld.so.conf" = "/etc/ld.so.conf" + "/etc/ld.so.conf.d" = "/etc/ld.so.conf.d" + "/lib" = "/lib" + "/lib64" = "/lib64" +} +``` + +When `chroot_env` is unspecified, the `exec` driver will use a default chroot +environment with the most commonly used parts of the operating system. See +`exec` documentation for the full list [here](/docs/drivers/exec.html#chroot). + ## Command-line Options A subset of the available Nomad agent configuration can optionally be passed in diff --git a/website/source/docs/drivers/exec.html.md b/website/source/docs/drivers/exec.html.md index 4477c860e..20dfea5f7 100644 --- a/website/source/docs/drivers/exec.html.md +++ b/website/source/docs/drivers/exec.html.md @@ -96,9 +96,12 @@ the client and the configuration. On Linux, Nomad will use cgroups, and a chroot to isolate the resources of a process and as such the Nomad agent must be run as root. -### Chroot +### Chroot The chroot is populated with data in the following folders from the host machine: `["/bin", "/etc", "/lib", "/lib32", "/lib64", "/run/resolvconf", "/sbin", "/usr"]` + +This list is configurable through the agent client +[configuration file](/docs/agent/config.html#chroot_env).
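Review bot: In the first config.html.md hunk (@@ -421), the new `chroot_env` bullet links to `#chroot_env_map`, but nothing visible in this patch defines that fragment. The heading added later is `### Client ChrootEnv Map` with no explicit id shown. Please add the anchor to that heading in whatever way `#options_map` is defined for the options section, or confirm the generated heading id matches, so the link does not land at the top of the page.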
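Review bot: In the second config.html.md hunk (@@ -496), the closing paragraph of "Client ChrootEnv Map" only covers the case where `chroot_env` is unspecified. It never says whether a configured map replaces the default list or is merged with it. Since this setting decides which host paths every exec and Java task on the client can see, state the semantics explicitly. It would also help to say how the paths get into the chroot and to note that operators should list only what tasks need (the default in exec.html.md includes all of `/etc`). Smaller point in the same section: the format is described as `source_path -> dest_path` while the example uses `"source" = "dest"`. Describe the format in the same syntax as the example and say that `dest_path` is relative to the chroot root, if that is the case.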
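Review bot: In the exec.html.md hunk (@@ -96), the added link points at `/docs/agent/config.html#chroot_env`, while config.html.md in this same patch uses `#chroot_env_map` for that section. Pick one fragment and use it in both places. Also, the `### Chroot` removed and added lines look identical as shown here. If the change is whitespace only, drop it from the patch. If it adds the anchor that the `exec.html#chroot` link in config.html.md relies on, mention that in the commit message. The config bullet says the setting applies to the Java driver as well, but only the exec driver page gets the new pointer, so consider adding the same sentence to the Java driver docs.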