diff options
| author |  smitsohu <smitsohu@gmail.com> | 2020-08-30 16:13:01 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2020-08-30 16:13:01 +0200 |
| commit | 9e3ecc3f85e915cc2da51a92ab127ef9fe8c9346 (patch) | |
| tree | 5ddd43cba5c87b32e3f2b63c34ba0356f9a099ac | |
| parent | don't attempt to set window title if stdout is not a terminal (diff) | |
| download | firejail-9e3ecc3f85e915cc2da51a92ab127ef9fe8c9346.tar.gz firejail-9e3ecc3f85e915cc2da51a92ab127ef9fe8c9346.tar.zst firejail-9e3ecc3f85e915cc2da51a92ab127ef9fe8c9346.zip | |
chroot: unify path name handling
| -rw-r--r-- | src/firejail/chroot.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index 7411a2b48..a18c181ab 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
| @@ -61,28 +61,32 @@ errout: | |||
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | // copy /etc/resolv.conf or /etc/machine-id in chroot directory | 63 | // copy /etc/resolv.conf or /etc/machine-id in chroot directory |
| 64 | static void update_file(int parentfd, const char *fname) { | 64 | static void update_file(int parentfd, const char *relpath) { |
| 65 | assert(fname); | 65 | assert(relpath && relpath[0] && relpath[0] != '/'); |
| 66 | assert(fname[0] == '/'); | ||
| 67 | 66 | ||
| 68 | int in = open(fname, O_RDONLY|O_CLOEXEC); | 67 | char *abspath; |
| 68 | if (asprintf(&abspath, "/%s", relpath) == -1) | ||
| 69 | errExit("asprintf"); | ||
| 70 | int in = open(abspath, O_RDONLY|O_CLOEXEC); | ||
| 71 | free(abspath); | ||
| 69 | if (in == -1) | 72 | if (in == -1) |
| 70 | goto errout; | 73 | goto errout; |
| 74 | |||
| 71 | struct stat src; | 75 | struct stat src; |
| 72 | if (fstat(in, &src) == -1) | 76 | if (fstat(in, &src) == -1) |
| 73 | errExit("fstat"); | 77 | errExit("fstat"); |
| 74 | // try to detect if file has been bind mounted into the chroot | 78 | // try to detect if file has been bind mounted into the chroot |
| 75 | struct stat dst; | 79 | struct stat dst; |
| 76 | if (fstatat(parentfd, fname+1, &dst, 0) == 0) { | 80 | if (fstatat(parentfd, relpath, &dst, 0) == 0) { |
| 77 | if (src.st_dev == dst.st_dev && src.st_ino == dst.st_ino) { | 81 | if (src.st_dev == dst.st_dev && src.st_ino == dst.st_ino) { |
| 78 | close(in); | 82 | close(in); |
| 79 | return; | 83 | return; |
| 80 | } | 84 | } |
| 81 | } | 85 | } |
| 82 | if (arg_debug) | 86 | if (arg_debug) |
| 83 | printf("Updating %s in chroot\n", fname); | 87 | printf("Updating chroot /%s\n", relpath); |
| 84 | unlinkat(parentfd, fname+1, 0); | 88 | unlinkat(parentfd, relpath, 0); |
| 85 | int out = openat(parentfd, fname+1, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 89 | int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); |
| 86 | if (out == -1) { | 90 | if (out == -1) { |
| 87 | close(in); | 91 | close(in); |
| 88 | goto errout; | 92 | goto errout; |
| @@ -94,12 +98,12 @@ static void update_file(int parentfd, const char *fname) { | |||
| 94 | return; | 98 | return; |
| 95 | 99 | ||
| 96 | errout: | 100 | errout: |
| 97 | fwarning("%s not initialized\n", fname); | 101 | fwarning("chroot /%s not initialized\n", relpath); |
| 98 | } | 102 | } |
| 99 | 103 | ||
| 100 | // exit if error | 104 | // exit if error |
| 101 | static void check_subdir(int parentfd, const char *subdir, int check_writable) { | 105 | static void check_subdir(int parentfd, const char *subdir, int check_writable) { |
| 102 | assert(subdir); | 106 | assert(subdir && subdir[0] && subdir[0] != '/'); |
| 103 | struct stat s; | 107 | struct stat s; |
| 104 | if (fstatat(parentfd, subdir, &s, AT_SYMLINK_NOFOLLOW) != 0) { | 108 | if (fstatat(parentfd, subdir, &s, AT_SYMLINK_NOFOLLOW) != 0) { |
| 105 | fprintf(stderr, "Error: cannot find /%s in chroot directory\n", subdir); | 109 | fprintf(stderr, "Error: cannot find /%s in chroot directory\n", subdir); |
| @@ -223,7 +227,7 @@ void fs_chroot(const char *rootdir) { | |||
| 223 | close(dst); | 227 | close(dst); |
| 224 | 228 | ||
| 225 | // update /etc/machine-id in chroot | 229 | // update /etc/machine-id in chroot |
| 226 | update_file(parentfd, "/etc/machine-id"); | 230 | update_file(parentfd, "etc/machine-id"); |
| 227 | } | 231 | } |
| 228 | 232 | ||
| 229 | // create /run/firejail directory in chroot | 233 | // create /run/firejail directory in chroot |
| @@ -262,7 +266,7 @@ void fs_chroot(const char *rootdir) { | |||
| 262 | close(fd); | 266 | close(fd); |
| 263 | 267 | ||
| 264 | // update chroot resolv.conf | 268 | // update chroot resolv.conf |
| 265 | update_file(parentfd, "/etc/resolv.conf"); | 269 | update_file(parentfd, "etc/resolv.conf"); |
| 266 | 270 | ||
| 267 | #ifdef HAVE_GCOV | 271 | #ifdef HAVE_GCOV |
| 268 | __gcov_flush(); | 272 | __gcov_flush(); |