From b38788d83796f12e6bb060b11ab7b843c4340c99 Mon Sep 17 00:00:00 2001
From: lns <matzeton@googlemail.com>
Date: Sat, 28 Apr 2018 12:08:54 +0200
Subject: POTD skeleton #36.

Signed-off-by: lns <matzeton@googlemail.com>
---
 src/jail.c  | 10 ++++++++++
 src/utils.c | 22 +++++++++++++++++-----
 2 files changed, 27 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/jail.c b/src/jail.c
index 740e51e..d97d702 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -249,6 +249,7 @@ error:
 static int jail_childfn(void *arg)
 {
     jail_prisoner_process *args;
+    const char *path_dev = "/dev";
     int term_fd;
     struct termios *term = NULL;
     struct winsize *win = NULL;
@@ -272,6 +273,15 @@ static int jail_childfn(void *arg)
         exit(EXIT_FAILURE);
     }
 
+    D2("Mounting %s to %s%s", path_dev, args->newroot, path_dev);
+    if (dir_is_mountpoint(path_dev) > 0) {
+        W2("%s%s is already a mountpoint", args->newroot, path_dev);
+    }
+    if (mount_dev(path_dev)) {
+        E2("Can not mount /dev to %s%s", args->newroot, path_dev);
+        exit(EXIT_FAILURE);
+    }
+
     D2("%s", "Forking a new pseudo terminal");
     child_pid = forkpty(&term_fd, NULL, term, win);
     if (!child_pid) {
diff --git a/src/utils.c b/src/utils.c
index ac0856c..8b89b6a 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -11,6 +11,7 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/prctl.h>
+#include <sys/mount.h>
 #include <assert.h>
 
 #include "utils.h"
@@ -229,26 +230,37 @@ int safe_chroot(const char *newroot)
 
 int dir_is_mountpoint(const char *path)
 {
-    struct stat current, parent;
+    struct stat current = {0}, parent = {0};
     size_t plen = strlen(path);
     char parent_path[plen + 4];
 
     if (stat(path, &current))
-        return -1;
+        goto error;
+    strncpy(parent_path, path, plen);
     parent_path[plen] = '/';
     parent_path[plen+1] = '.';
     parent_path[plen+2] = '.';
     parent_path[plen+3] = 0;
 
     if (stat(parent_path, &parent))
-        return -1;
+        goto error;
 
-    return current.st_dev == parent.st_dev;
+    return current.st_dev != parent.st_dev;
+error:
+    W_STRERR("Mountpoint check");
+    return -1;
 }
 
 int mount_dev(const char *mount_path)
 {
-    if (!mount_path) {
+    int s;
+
+    s = mount("dev", mount_path, "devtmpfs",
+              0,
+              "rw,nosuid,relatime,size=4k,mode=755");
+    if (s) {
+        E_STRERR("Mount /dev");
+        return 1;
     }
 
     return 0;
-- 
cgit v1.2.3