diff options
| -rw-r--r-- | src/firejail/chroot.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index f5bb11a76..eac784e53 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
| @@ -35,8 +35,8 @@ void fs_check_chroot_dir(void) { | |||
| 35 | EUID_ASSERT(); | 35 | EUID_ASSERT(); |
| 36 | assert(cfg.chrootdir); | 36 | assert(cfg.chrootdir); |
| 37 | if (strstr(cfg.chrootdir, "..") || | 37 | if (strstr(cfg.chrootdir, "..") || |
| 38 | is_link(cfg.chrootdir) || | 38 | is_link(cfg.chrootdir) || |
| 39 | !is_dir(cfg.chrootdir)) | 39 | !is_dir(cfg.chrootdir)) |
| 40 | goto errout; | 40 | goto errout; |
| 41 | 41 | ||
| 42 | // check chroot dirname exists, chrooting into the root directory is not allowed | 42 | // check chroot dirname exists, chrooting into the root directory is not allowed |
| @@ -82,7 +82,7 @@ static void copy_resolvconf(int parentfd) { | |||
| 82 | if (arg_debug) | 82 | if (arg_debug) |
| 83 | printf("Updating /etc/resolv.conf in chroot\n"); | 83 | printf("Updating /etc/resolv.conf in chroot\n"); |
| 84 | unlinkat(parentfd, "etc/resolv.conf", 0); | 84 | unlinkat(parentfd, "etc/resolv.conf", 0); |
| 85 | int out = openat(parentfd, "etc/resolv.conf", O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 85 | int out = openat(parentfd, "etc/resolv.conf", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); |
| 86 | if (out == -1) | 86 | if (out == -1) |
| 87 | errExit("open"); | 87 | errExit("open"); |
| 88 | if (sendfile(out, in, NULL, src.st_size) == -1) | 88 | if (sendfile(out, in, NULL, src.st_size) == -1) |