From bd86049c52a8707f6a98fed717bc03b5bfeb60f5 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Mon, 11 Jul 2022 21:37:05 +0200
Subject: cleanup

---
 src/firejail/chroot.c | 28 +++++++---------------------
 1 file changed, 7 insertions(+), 21 deletions(-)

diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index ccd954a93..6f484e59a 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -33,41 +33,27 @@
 void fs_check_chroot_dir(void) {
 	EUID_ASSERT();
 	assert(cfg.chrootdir);
-	if (strstr(cfg.chrootdir, "..") ||
-	    is_link(cfg.chrootdir))
-		goto errout;
 
 	// check chroot dirname exists, chrooting into the root directory is not allowed
 	char *rpath = realpath(cfg.chrootdir, NULL);
-	if (rpath == NULL || !is_dir(rpath) || strcmp(rpath, "/") == 0)
-		goto errout;
-
-	char *overlay;
-	if (asprintf(&overlay, "%s/.firejail", cfg.homedir) == -1)
-		errExit("asprintf");
-	if (strncmp(rpath, overlay, strlen(overlay)) == 0) {
-		fprintf(stderr, "Error: invalid chroot directory: no directories in %s are allowed\n", overlay);
+	if (rpath == NULL || !is_dir(rpath) || strcmp(rpath, "/") == 0) {
+		fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir);
 		exit(1);
 	}
-	free(overlay);
 
 	cfg.chrootdir = rpath;
 	return;
-
-errout:
-	fprintf(stderr, "Error: invalid chroot directory %s\n", cfg.chrootdir);
-	exit(1);
 }
 
 // copy /etc/resolv.conf or /etc/machine-id in chroot directory
 static void update_file(int parentfd, const char *relpath) {
 	assert(relpath && relpath[0] && relpath[0] != '/');
 
-	char *abspath;
-	if (asprintf(&abspath, "/%s", relpath) == -1)
-		errExit("asprintf");
-	int in = open(abspath, O_RDONLY|O_CLOEXEC);
-	free(abspath);
+	int rootfd = open("/", O_PATH|O_CLOEXEC);
+	if (rootfd == -1)
+		errExit("open");
+	int in = openat(rootfd, relpath, O_RDONLY|O_CLOEXEC);
+	close(rootfd);
 	if (in == -1)
 		goto errout;
 
-- 
cgit v1.2.3-54-g00ecf