author | smitsohu <smitsohu@gmail.com> | 2020-08-30 16:13:01 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2020-08-30 16:13:01 +0200 |
commit | 9e3ecc3f85e915cc2da51a92ab127ef9fe8c9346 (patch) | |
tree | 5ddd43cba5c87b32e3f2b63c34ba0356f9a099ac /src | |
parent | don't attempt to set window title if stdout is not a terminal (diff) | |
chroot: unify path name handling
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/chroot.c | 28 |
1 files changed, 16 insertions, 12 deletions
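--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -61,28 +61,32 @@ errout:
 }
 
 // copy /etc/resolv.conf or /etc/machine-id in chroot directory
-static void update_file(int parentfd, const char *fname) {
-assert(fname);
-assert(fname[0] == '/');
+static void update_file(int parentfd, const char *relpath) {
+assert(relpath && relpath[0] && relpath[0] != '/');
 
-int in = open(fname, O_RDONLY|O_CLOEXEC);
+char *abspath;
+if (asprintf(&abspath, "/%s", relpath) == -1)
+errExit("asprintf");
+int in = open(abspath, O_RDONLY|O_CLOEXEC);
+free(abspath);
 if (in == -1)
 goto errout;
+
 struct stat src;
 if (fstat(in, &src) == -1)
 errExit("fstat");
 // try to detect if file has been bind mounted into the chroot
 struct stat dst;
-if (fstatat(parentfd, fname+1, &dst, 0) == 0) {
+if (fstatat(parentfd, relpath, &dst, 0) == 0) {
 if (src.st_dev == dst.st_dev && src.st_ino == dst.st_ino) {
 close(in);
 return;
 }
 }
 if (arg_debug)
-printf("Updating %s in chroot\n", fname);
-unlinkat(parentfd, fname+1, 0);
-int out = openat(parentfd, fname+1, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+printf("Updating chroot /%s\n", relpath);
+unlinkat(parentfd, relpath, 0);
+int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
 if (out == -1) {
 close(in);
 goto errout;
@@ -94,12 +98,12 @@ static void update_file(int parentfd, const char *fname) {
 return;
 
 errout:
-fwarning("%s not initialized\n", fname);
+fwarning("chroot /%s not initialized\n", relpath);
 }
 
 // exit if error
 static void check_subdir(int parentfd, const char *subdir, int check_writable) {
-assert(subdir);
+assert(subdir && subdir[0] && subdir[0] != '/');
 struct stat s;
 if (fstatat(parentfd, subdir, &s, AT_SYMLINK_NOFOLLOW) != 0) {
 fprintf(stderr, "Error: cannot find /%s in chroot directory\n", subdir);
@@ -223,7 +227,7 @@ void fs_chroot(const char *rootdir) {
 close(dst);
 
 // update /etc/machine-id in chroot
-update_file(parentfd, "/etc/machine-id");
+update_file(parentfd, "etc/machine-id");
 }
 
 // create /run/firejail directory in chroot
@@ -262,7 +266,7 @@ void fs_chroot(const char *rootdir) {
 close(fd);
 
 // update chroot resolv.conf
-update_file(parentfd, "/etc/resolv.conf");
+update_file(parentfd, "etc/resolv.conf");
 
 #ifdef HAVE_GCOV
 __gcov_flush();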
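Review bot: In update_file the new precondition that relpath is non-empty and relative is enforced only by `assert(relpath && relpath[0] && relpath[0] != '/')`, which is compiled out if the build defines NDEBUG (the build flags are not visible here). The invariant is security-relevant because fstatat, unlinkat and openat ignore parentfd when given an absolute path, so a leading slash would direct the unlink and create at the host file instead of the chroot copy. Both visible callers pass string literals, so this is hardening rather than a live bug; a runtime guard such as `if (!relpath || !relpath[0] || relpath[0] == '/') { fprintf(stderr, "Error: invalid chroot path\n"); exit(1); }` would keep the check in every build, and the same holds for the assert added in check_subdir. The header comment could also state the contract, e.g. `// relpath has no leading slash; it is resolved against / for the source and against parentfd for the copy`. Part of update_file's body lies between the first two hunks and is not shown.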