-rw-r--r-- | src/firejail/chroot.c | 5 |
1 files changed, 5 insertions, 0 deletions
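--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -119,6 +119,11 @@ void fs_chroot(const char *rootdir) {
 int parentfd = safer_openat(-1, rootdir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (parentfd == -1)
 errExit("safer_openat");
+
+if (faccessat(parentfd, ".", X_OK, 0) != 0) {
+fprintf(stderr, "Error: no search permission on chroot directory\n");
+exit(1);
+}
 // rootdir has to be owned by root and is not allowed to be generally writable,
 // this also excludes /tmp and friends
 struct stat s;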
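Review bot: The added `faccessat(parentfd, ".", X_OK, 0)` check has no comment saying whose permission it tests, and that is the security-relevant part. With flags `0` (no `AT_EACCESS`) the call is evaluated against the real UID/GID, which is presumably the invoking user rather than the privileged effective ID. I would add a comment above it such as `// real-uid check (no AT_EACCESS): the calling user must have search permission on rootdir`, so a later refactor does not turn it into an effective-ID check or move it to a point where the real UID has changed. Whether the real UID is still the caller's at this point cannot be confirmed from the hunk, because fs_chroot starts before it and continues past it.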