author | netblue30 <netblue30@yahoo.com> | 2017-09-28 07:57:46 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-09-28 07:57:46 -0400 |
commit | 96a70dc8c7c678bfc0a60c574f0102b4406dbc4f (patch) | |
tree | 854b3a491d9aef6fc797374dc6429254f52221bb /src | |
parent | Add a profile for PDFMod (diff) | |
fix resolv.conf in chroot, issue #1578
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 20 |
1 files changed, 12 insertions, 8 deletions
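--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1111,10 +1111,20 @@ void fs_check_chroot_dir(const char *rootdir) {
 exit(1);
 }
 }
-if (is_link(name)) {
-fprintf(stderr, "Error: invalid %s file\n", name);
+else {
+fprintf(stderr, "Error: chroot /etc/resolv.conf not found\n");
 exit(1);
 }
+// on Arch /etc/resolv.conf could be a symlink to /run/systemd/resolve/resolv.conf
+// on Ubuntu 17.04 /etc/resolv.conf could be a symlink to /run/resolveconf/resolv.conf
+if (is_link(name)) {
+// check the link points in chroot
+char *rname = realpath(name, NULL);
+if (!rname || strncmp(rname, rootdir, strlen(rootdir)) != 0) {
+fprintf(stderr, "Error: chroot /etc/resolv.conf is pointing outside chroot\n");
+exit(1);
+}
+}
 free(name);
 
 // check x11 socket directory
@@ -1186,17 +1196,11 @@ void fs_chroot(const char *rootdir) {
 errExit("mount bind");
 
 // copy /etc/resolv.conf in chroot directory
-// if resolv.conf in chroot is a symbolic link, this will fail
-// no exit on error, let the user deal with the problem
 char *fname;
 if (asprintf(&fname, "%s/etc/resolv.conf", rootdir) == -1)
 errExit("asprintf");
 if (arg_debug)
 printf("Updating /etc/resolv.conf in %s\n", fname);
-if (is_link(fname)) {
-fprintf(stderr, "Error: invalid %s file\n", fname);
-exit(1);
-}
 if (copy_file("/etc/resolv.conf", fname, 0, 0, 0644) == -1) // root needed
 fwarning("/etc/resolv.conf not initialized\n");
 }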
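Review bot: The new containment test in fs_check_chroot_dir, `strncmp(rname, rootdir, strlen(rootdir)) != 0`, is a plain string-prefix comparison, so a resolved target in a sibling directory whose name merely begins with the chroot path is accepted as being inside the chroot; it should also require a path separator at the boundary, e.g. `|| rname[strlen(rootdir)] != '/'` (assuming rootdir is canonical and carries no trailing slash, which these lines do not show). The check is also separated in time from the root-privileged `copy_file("/etc/resolv.conf", fname, 0, 0, 0644)` in fs_chroot, where this commit drops the `is_link(fname)` guard; if copy_file follows symlinks (its body is not visible here) and the chroot tree is writable by the invoking user, the link can change after validation, so re-validating immediately before the copy or opening the destination without following links would be safer. `rname` returned by `realpath(name, NULL)` is never released on the success path; add `free(rname);` before the closing brace of the `is_link(name)` block. Both function bodies start and end outside the hunks shown.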