1 files changed, 10 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 5bcfa6066..86126672e 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1064,6 +1064,16 @@ int fs_check_chroot_dir(const char *rootdir) {
        struct stat s;
        char *name;
+        // rootdir has to be owned by root
+        if (stat(rootdir, &s) != 0) {
+                fprintf(stderr, "Error: cannot find chroot directory\n");
+                return 1;
+        }
+        if (s.st_uid != 0) {
+                fprintf(stderr, "Error: chroot directory should be owned by root\n");
+                return 1;
+        }
        // check /dev
        if (asprintf(&name, "%s/dev", rootdir) == -1)
                errExit("asprintf");

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 5bcfa6066..86126672e 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -1064,6 +1064,16 @@ int fs_check_chroot_dir(const char *rootdir) {
1064	struct stat s;	1064	struct stat s;
1065	char *name;	1065	char *name;
1066		1066
		1067	// rootdir has to be owned by root
		1068	if (stat(rootdir, &s) != 0) {
		1069	fprintf(stderr, "Error: cannot find chroot directory\n");
		1070	return 1;
		1071	}
		1072	if (s.st_uid != 0) {
		1073	fprintf(stderr, "Error: chroot directory should be owned by root\n");
		1074	return 1;
		1075	}
		1076
1067	// check /dev	1077	// check /dev
1068	if (asprintf(&name, "%s/dev", rootdir) == -1)	1078	if (asprintf(&name, "%s/dev", rootdir) == -1)
1069	errExit("asprintf");	1079	errExit("asprintf");