Friday, May 21, 2010

chroot (application sandboxing)

    
A chroot jail presents a dramatically restricted view of the filesystem to an application, usually combined with far fewer system privileges (the process gives up root once it is inside the jail). The intent is to limit the damage should the application go awry or be subverted by an attacker.

Background:
The chroot system call changes the root directory of the calling process; the new root is inherited by every child process it subsequently creates, and it is nearly always some restricted subdirectory below the real root of the filesystem. The process sees this new path as "/", and we refer to this restricted environment as the "jail". Two things decide whether the jail actually holds. First, chroot changes only the root, not the current working directory, so the process must chdir() into the new root afterwards, or its old cwd (outside the jail) remains reachable through relative paths. Second, chroot is not a security boundary against root: a process that still has root privileges inside the jail can simply call chroot again and work its way back out, so a jailed daemon must drop to an unprivileged uid before it touches untrusted input. Once that is done, an unprivileged process has no such escape route.
The chroot system call is found in every version of UNIX we know of. It gives a running process, and its children, a different root directory for the rest of their lifetime: it takes a limited hierarchy of the filesystem (say, /chroot/named) and makes it the top of the directory tree as seen by the application.
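As an added example (this is not code from the original post or from the unixwiz reference), here is how a daemon enters such a jail in C, with the ordering and checks a practitioner would want: the jail directory is verified before use, chdir("/") follows chroot(), and root is dropped and the drop is verified. The default path /chroot/named is the one mentioned above and is assumed to exist and to be populated; uid/gid 65534 is assumed to be an unprivileged account ("nobody"/"nogroup" on many Linux systems). The program must be started as root for chroot() to succeed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Sanity-check the directory that will become "/" for the jailed process.
 * It must exist, be a directory, be owned by root and not be writable by
 * group or others: if the jailed uid can write to the jail root it can
 * plant files (device nodes, libraries, a fake /etc) that the jailed
 * program or a later privileged process will trust.
 * Returns 1 if the directory is acceptable, otherwise 0 with errno set. */
int jail_dir_ok(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return 0;                    /* errno from stat(), e.g. ENOENT */
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return 0;
    }
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        errno = EACCES;              /* not root-owned, or group/world writable */
        return 0;
    }
    return 1;
}

/* Enter the jail and drop privileges, in the order that matters:
 *   1. chroot(path)   needs root (CAP_SYS_CHROOT on Linux);
 *   2. chdir("/")     chroot() changes only the root, not the current
 *                     directory, so a cwd left outside the jail would still
 *                     be reachable via relative paths;
 *   3. setgroups/setgid/setuid   give up root. This is what makes the jail
 *                     hold: a process that is still root inside a chroot can
 *                     chroot() again and walk back out.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *path, uid_t uid, gid_t gid)
{
    if (!jail_dir_ok(path))
        return -1;
    if (chroot(path) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0)     /* clear supplementary groups first */
        return -1;
    if (setgid(gid) != 0)            /* gid before uid: still root here */
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Example driver: jail into the directory given on the command line
 * (default /chroot/named, the path used in the post; assumed to exist and
 * to contain whatever the program needs) and run as uid/gid 65534, which
 * is "nobody"/"nogroup" on many Linux systems (an assumption; use the
 * daemon's own dedicated account in practice). Must be started as root. */
int main(int argc, char **argv)
{
    const char *jail = argc > 1 ? argv[1] : "/chroot/named";
    uid_t uid = 65534;
    gid_t gid = 65534;

    if (enter_jail(jail, uid, gid) != 0) {
        perror("enter_jail");
        return 1;
    }
    printf("now inside %s as uid %d; \"/\" is the jail root\n",
           jail, (int)getuid());
    return 0;
}
```

Run it as root with the jail directory as the only argument. If the jail root is group- or world-writable, or not owned by root, enter_jail() refuses before calling chroot(); if the program is started without root, chroot() itself fails with EPERM, which is the right outcome rather than a half-built jail.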

References: http://unixwiz.net/techtips/chroot-practices.html

 
