chroot fix

author: netblue30 <netblue30@yahoo.com> 2016-08-10 09:28:08 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-10 09:28:08 -0400
commit: 22a1bd30e405e3fdd1cf007d39dbc4939c5175b9 (patch)
tree: 8e51dc132631070dbae1be98a1f52d8b2d1d5eb5 /src
parent: Busybox workaround (diff)
download: firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.tar.gz
firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.tar.zst
firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 5bcfa6066..86126672e 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1064,6 +1064,16 @@ int fs_check_chroot_dir(const char *rootdir) {
        struct stat s;
        char *name;
+        // rootdir has to be owned by root
+        if (stat(rootdir, &s) != 0) {
+                fprintf(stderr, "Error: cannot find chroot directory\n");
+                return 1;
+        }
+        if (s.st_uid != 0) {
+                fprintf(stderr, "Error: chroot directory should be owned by root\n");
+                return 1;
+        }
        // check /dev
        if (asprintf(&name, "%s/dev", rootdir) == -1)
                errExit("asprintf");
author	netblue30 <netblue30@yahoo.com>	2016-08-10 09:28:08 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-10 09:28:08 -0400
commit	22a1bd30e405e3fdd1cf007d39dbc4939c5175b9 (patch)
tree	8e51dc132631070dbae1be98a1f52d8b2d1d5eb5 /src
parent	Busybox workaround (diff)
download	firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.tar.gz firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.tar.zst firejail-22a1bd30e405e3fdd1cf007d39dbc4939c5175b9.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5bcfa6066..86126672e 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -1064,6 +1064,16 @@ int fs_check_chroot_dir(const char *rootdir) {
1064	struct stat s;	1064	struct stat s;
1065	char *name;	1065	char *name;
1066		1066
		1067	// rootdir has to be owned by root
		1068	if (stat(rootdir, &s) != 0) {
		1069	fprintf(stderr, "Error: cannot find chroot directory\n");
		1070	return 1;
		1071	}
		1072	if (s.st_uid != 0) {
		1073	fprintf(stderr, "Error: chroot directory should be owned by root\n");
		1074	return 1;
		1075	}
		1076
1067	// check /dev	1077	// check /dev
1068	if (asprintf(&name, "%s/dev", rootdir) == -1)	1078	if (asprintf(&name, "%s/dev", rootdir) == -1)
1069	errExit("asprintf");	1079	errExit("asprintf");