author | smitsohu <smitsohu@gmail.com> | 2019-10-13 04:11:42 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-10-13 04:11:42 +0200 |
commit | b75eed551968674fd7b53979778f76d28dbd38ed (patch) | |
tree | 22399d55d69125e6f1177c73315143003bfc2bde /src | |
parent | x11 hardening (diff) | |
fix chroot with mounted resolv.conf
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/chroot.c | 16 |
1 files changed, 10 insertions, 6 deletions
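--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -63,10 +63,8 @@ errout:
 // copy /etc/resolv.conf in chroot directory
 static void copy_resolvconf(int parentfd) {
 int in = open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC);
-if (in == -1) {
-fwarning("/etc/resolv.conf not initialized\n");
-return;
-}
+if (in == -1)
+goto errout;
 struct stat src;
 if (fstat(in, &src) == -1)
 errExit("fstat");
@@ -83,12 +81,18 @@ static void copy_resolvconf(int parentfd) {
 printf("Updating /etc/resolv.conf in chroot\n");
 unlinkat(parentfd, "etc/resolv.conf", 0);
 int out = openat(parentfd, "etc/resolv.conf", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
-if (out == -1)
-errExit("open");
+if (out == -1) {
+close(in);
+goto errout;
+}
 if (sendfile(out, in, NULL, src.st_size) == -1)
 errExit("sendfile");
 close(in);
 close(out);
+return;
+
+errout:
+fwarning("/etc/resolv.conf not initialized\n");
 }
 
 // exit if error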
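Review bot: The `goto errout` added after `openat()` in the second hunk turns every failure to create `etc/resolv.conf` into a warning, not only the mounted-file case the commit title names. Presumably a mounted target makes the unchecked `unlinkat()` fail and the `O_CREAT|O_EXCL` open then return EEXIST, while other errors such as EACCES or EROFS were fatal before and now let the sandbox continue with whatever resolver file the chroot already contains. To keep those fatal, test errno before `close(in)` can overwrite it, e.g. `if (errno != EEXIST) errExit("open");` as the first line of the new block. The shared message `/etc/resolv.conf not initialized` also no longer tells a missing host file from an unwritable target; a short comment at `errout:` saying which cases land there would help. The part of copy_resolvconf between the two hunks is not visible here.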