diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-09-28 07:57:46 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-09-28 07:57:46 -0400 |
| commit | 96a70dc8c7c678bfc0a60c574f0102b4406dbc4f (patch) | |
| tree | 854b3a491d9aef6fc797374dc6429254f52221bb | |
| parent | Add a profile for PDFMod (diff) | |
| download | firejail-96a70dc8c7c678bfc0a60c574f0102b4406dbc4f.tar.gz firejail-96a70dc8c7c678bfc0a60c574f0102b4406dbc4f.tar.zst firejail-96a70dc8c7c678bfc0a60c574f0102b4406dbc4f.zip | |
fix resolv.conf in chroot, issue #1578
| -rw-r--r-- | src/firejail/fs.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 0ea71e6ba..0a6f40959 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -1111,10 +1111,20 @@ void fs_check_chroot_dir(const char *rootdir) { | |||
| 1111 | exit(1); | 1111 | exit(1); |
| 1112 | } | 1112 | } |
| 1113 | } | 1113 | } |
| 1114 | if (is_link(name)) { | 1114 | else { |
| 1115 | fprintf(stderr, "Error: invalid %s file\n", name); | 1115 | fprintf(stderr, "Error: chroot /etc/resolv.conf not found\n"); |
| 1116 | exit(1); | 1116 | exit(1); |
| 1117 | } | 1117 | } |
| 1118 | // on Arch /etc/resolv.conf could be a symlink to /run/systemd/resolve/resolv.conf | ||
| 1119 | // on Ubuntu 17.04 /etc/resolv.conf could be a symlink to /run/resolveconf/resolv.conf | ||
| 1120 | if (is_link(name)) { | ||
| 1121 | // check the link points in chroot | ||
| 1122 | char *rname = realpath(name, NULL); | ||
| 1123 | if (!rname || strncmp(rname, rootdir, strlen(rootdir)) != 0) { | ||
| 1124 | fprintf(stderr, "Error: chroot /etc/resolv.conf is pointing outside chroot\n"); | ||
| 1125 | exit(1); | ||
| 1126 | } | ||
| 1127 | } | ||
| 1118 | free(name); | 1128 | free(name); |
| 1119 | 1129 | ||
| 1120 | // check x11 socket directory | 1130 | // check x11 socket directory |
| @@ -1186,17 +1196,11 @@ void fs_chroot(const char *rootdir) { | |||
| 1186 | errExit("mount bind"); | 1196 | errExit("mount bind"); |
| 1187 | 1197 | ||
| 1188 | // copy /etc/resolv.conf in chroot directory | 1198 | // copy /etc/resolv.conf in chroot directory |
| 1189 | // if resolv.conf in chroot is a symbolic link, this will fail | ||
| 1190 | // no exit on error, let the user deal with the problem | ||
| 1191 | char *fname; | 1199 | char *fname; |
| 1192 | if (asprintf(&fname, "%s/etc/resolv.conf", rootdir) == -1) | 1200 | if (asprintf(&fname, "%s/etc/resolv.conf", rootdir) == -1) |
| 1193 | errExit("asprintf"); | 1201 | errExit("asprintf"); |
| 1194 | if (arg_debug) | 1202 | if (arg_debug) |
| 1195 | printf("Updating /etc/resolv.conf in %s\n", fname); | 1203 | printf("Updating /etc/resolv.conf in %s\n", fname); |
| 1196 | if (is_link(fname)) { | ||
| 1197 | fprintf(stderr, "Error: invalid %s file\n", fname); | ||
| 1198 | exit(1); | ||
| 1199 | } | ||
| 1200 | if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed | 1204 | if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed |
| 1201 | fwarning("/etc/resolv.conf not initialized\n"); | 1205 | fwarning("/etc/resolv.conf not initialized\n"); |
| 1202 | } | 1206 | } |