Diffstat (limited to 'src/jail.c')
-rw-r--r-- | src/jail.c | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -16,6 +16,7 @@ typedef struct jail_prisoner_process { pid_t prisoner_pid; psocket client_psock; char host_buf[NI_MAXHOST], service_buf[NI_MAXSERV]; + char *newroot; } jail_prisoner_process; static int jail_mainloop_epoll(int epoll_fd, jail_ctx *ctx[], size_t siz); @@ -212,6 +213,7 @@ static int jail_accept_client(jail_ctx *ctx[], if (ctx[i]->sock.fd == event->data.fd) { args = (jail_prisoner_process *) calloc(1, sizeof(*args)); assert(args); + args->newroot = ctx[i]->newroot; if (socket_accept_in(&ctx[i]->sock, &args->client_psock)) { E_STRERR("Could not accept client connection"); @@ -254,6 +256,17 @@ static int jail_childfn(void *arg) E_STRERR("Jail child prctl"); exit(EXIT_FAILURE); } + + if (!args->newroot) { + E2("%s", "No new root set"); + exit(EXIT_FAILURE); + } + N2("Safe change root to: '%s'", args->newroot); + if (safe_chroot(args->newroot)) { + E2("Safe jail chroot to '%s' failed", args->newroot); + exit(EXIT_FAILURE); + } + printf("----> CHILD FN: %d <----\n", args->client_psock.fd); sleep(10); |
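Review bot: The new `char *newroot;` field in `jail_prisoner_process` says nothing about ownership, and the second hunk fills it with `args->newroot = ctx[i]->newroot;`, which aliases the listener context's string rather than copying it. Nothing in this diff writes through the pointer, so declaring it `const char *newroot; /* borrowed from jail_ctx, not freed with args */` would document that and let the compiler reject accidental modification, assuming `safe_chroot` accepts a `const char *`, which is not visible here. The alias must also stay valid until `jail_childfn` has used it. How the child is spawned lies outside these hunks, so that lifetime should be confirmed.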
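Review bot: The `!args->newroot` guard in `jail_childfn` rejects only a NULL pointer, so an empty or relative path still reaches `safe_chroot(args->newroot)` and would be resolved against whatever working directory the child inherited; consider `if (!args->newroot || args->newroot[0] != '/')`. Nothing in the hunk shows a `chdir("/")` or a drop of root/`CAP_SYS_CHROOT` after the call. If `safe_chroot` does not do both itself, the new root is not a containment boundary, so a one-line comment above the call stating what `safe_chroot` guarantees would help. Descriptors inherited from the parent (the listening sockets, the epoll fd) would presumably also remain usable inside the new root unless closed, which is not visible here. The body of `jail_childfn` starts and ends outside the hunk.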