diff options
| -rw-r--r-- | src/firejail/chroot.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index 6f484e59a..72322221c 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
| @@ -119,6 +119,11 @@ void fs_chroot(const char *rootdir) { | |||
| 119 | int parentfd = safer_openat(-1, rootdir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); | 119 | int parentfd = safer_openat(-1, rootdir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); |
| 120 | if (parentfd == -1) | 120 | if (parentfd == -1) |
| 121 | errExit("safer_openat"); | 121 | errExit("safer_openat"); |
| 122 | |||
| 123 | if (faccessat(parentfd, ".", X_OK, 0) != 0) { | ||
| 124 | fprintf(stderr, "Error: no search permission on chroot directory\n"); | ||
| 125 | exit(1); | ||
| 126 | } | ||
| 122 | // rootdir has to be owned by root and is not allowed to be generally writable, | 127 | // rootdir has to be owned by root and is not allowed to be generally writable, |
| 123 | // this also excludes /tmp and friends | 128 | // this also excludes /tmp and friends |
| 124 | struct stat s; | 129 | struct stat s; |