authorlns <matzeton@googlemail.com>2018-04-27 13:12:22 +0200
committerlns <matzeton@googlemail.com>2018-04-27 13:12:22 +0200
commit533f9b6dea8365fe911955cc93f5c6d59daebfec (patch)
tree81d854783a7063bf826e072f57f010c86c47698c /src/jail.c
parent2c18582245f9b68369a4bb25e602dd449ccf6410 (diff)
POTD skeleton #34.
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'src/jail.c')
-rw-r--r--src/jail.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/jail.c b/src/jail.c
index abf88e5..d5e2716 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -16,6 +16,7 @@ typedef struct jail_prisoner_process {
pid_t prisoner_pid;
psocket client_psock;
char host_buf[NI_MAXHOST], service_buf[NI_MAXSERV];
+ char *newroot;
} jail_prisoner_process;
static int jail_mainloop_epoll(int epoll_fd, jail_ctx *ctx[], size_t siz);
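Review bot: The new `newroot` field carries no comment on who owns the string. The second hunk assigns it from `ctx[i]->newroot` without copying, so it is a borrowed pointer that must not be freed together with `args` and must stay valid for as long as the child uses it. Since the visible code only reads it, I would declare it as `const char *newroot; /* borrowed from jail_ctx, not freed with args */`, provided the jail_ctx field's type allows that.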
@@ -212,6 +213,7 @@ static int jail_accept_client(jail_ctx *ctx[],
if (ctx[i]->sock.fd == event->data.fd) {
args = (jail_prisoner_process *) calloc(1, sizeof(*args));
assert(args);
+ args->newroot = ctx[i]->newroot;
if (socket_accept_in(&ctx[i]->sock, &args->client_psock)) {
E_STRERR("Could not accept client connection");
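Review bot: The only check that `newroot` is set lives in jail_childfn (third hunk), so at `args->newroot = ctx[i]->newroot;` a listener configured without a root still accepts the connection and, presumably, hands `args` to a child that exits straight away. Rejecting this earlier gives a clearer error and avoids the accept/spawn cycle per client, for example `if (!ctx[i]->newroot) { E2("%s", "No new root set"); return 1; }` before the calloc(), or a validation step where the jail_ctx is set up. The right return value depends on the rest of jail_accept_client, which continues outside the hunk. The child-side check can stay as a second line of defence.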
@@ -254,6 +256,17 @@ static int jail_childfn(void *arg)
E_STRERR("Jail child prctl");
exit(EXIT_FAILURE);
}
+
+ if (!args->newroot) {
+ E2("%s", "No new root set");
+ exit(EXIT_FAILURE);
+ }
+ N2("Safe change root to: '%s'", args->newroot);
+ if (safe_chroot(args->newroot)) {
+ E2("Safe jail chroot to '%s' failed", args->newroot);
+ exit(EXIT_FAILURE);
+ }
+
printf("----> CHILD FN: %d <----\n", args->client_psock.fd);
sleep(10);
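Review bot: Nothing in this hunk moves the working directory into the new root or drops privileges after `safe_chroot(args->newroot)` succeeds, so containment rests entirely on what safe_chroot() does internally, which is not visible here. If it does not already do so, the call should be followed by `if (chdir("/")) { E_STRERR("Jail child chdir"); exit(EXIT_FAILURE); }`. A process that keeps root or CAP_SYS_CHROOT can leave a chroot again, so the privilege drop belongs before any client data is handled. At minimum I would add a comment above the call stating those guarantees, e.g. `/* safe_chroot() chdir()s to "/" inside the new root; privileges are dropped below */`. jail_childfn starts and ends outside the hunk, so a later drop may already exist.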