From 49bf6298a7535c9c737d49eb49de4b629f30a4ca Mon Sep 17 00:00:00 2001 From: Jonas 'Sortie' Termansen Date: Sun, 16 Jun 2024 20:15:31 +0000 Subject: [PATCH] Modernize chroot(8). --- utils/chroot.c | 110 ++++++++++++++++++++++++++++--------------------- 1 file changed, 64 insertions(+), 46 deletions(-) diff --git a/utils/chroot.c b/utils/chroot.c index 62494ead..34e6fc8c 100644 --- a/utils/chroot.c +++ b/utils/chroot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, 2023 Jonas 'Sortie' Termansen. + * Copyright (c) 2013, 2015, 2023, 2024 Jonas 'Sortie' Termansen. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -91,14 +91,13 @@ int main(int argc, char* argv[]) if ( argc < 2 ) error(1, 0, "missing operand, expected new root directory"); - if ( devices ) + bool need_cleanup = devices; + + // TODO: Why do we even have signal handling instead of just blocking the + // signals and waiting for the subprocess to react? + + if ( need_cleanup ) { - if ( asprintf(&mount_point_dev, "%s/dev", argv[1]) < 0 ) - error(1, errno, "asprintf: `%s/dev'", argv[1]); - - // Create a device directory in the root filesystem. - mkdir(mount_point_dev, 0755); - struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = unmount_handler; @@ -107,6 +106,15 @@ int main(int argc, char* argv[]) sigaction(SIGINT, &sa, NULL); sigaction(SIGQUIT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + } + + if ( devices ) + { + if ( asprintf(&mount_point_dev, "%s/dev", argv[1]) < 0 ) + error(1, errno, "asprintf: `%s/dev'", argv[1]); + + // Create a device directory in the root filesystem. + mkdir(mount_point_dev, 0755); // Mount the current device directory inside the new root filesystem. int old_dev_fd = open("/dev", O_DIRECTORY | O_RDONLY); @@ -114,55 +122,65 @@ int main(int argc, char* argv[]) fsm_fsbind(old_dev_fd, new_dev_fd, 0); close(new_dev_fd); close(old_dev_fd); + } - sigset_t oldset, sigs; + sigset_t oldset, sigs; + if ( need_cleanup ) + { sigemptyset(&sigs); sigaddset(&sigs, SIGHUP); sigaddset(&sigs, SIGINT); sigaddset(&sigs, SIGQUIT); sigaddset(&sigs, SIGTERM); sigprocmask(SIG_BLOCK, &sigs, &oldset); - pid_t child_pid = fork(); - if ( child_pid < 0 ) - { - int errnum = errno; - unmount(mount_point_dev, 0); - mount_point_dev = NULL; - sigprocmask(SIG_SETMASK, &oldset, NULL); - error(1, errnum, "fork"); - } - if ( child_pid != 0 ) - { - sigprocmask(SIG_SETMASK, &oldset, NULL); - int code; - waitpid(child_pid, &code, 0); - sigprocmask(SIG_BLOCK, &sigs, &oldset); - unmount(mount_point_dev, 0); - sigprocmask(SIG_SETMASK, &oldset, NULL); - mount_point_dev = NULL; - if ( WIFEXITED(code) ) - return WEXITSTATUS(code); - raise(WTERMSIG(code)); - return 128 + WTERMSIG(code); - } - signal(SIGHUP, SIG_DFL); - signal(SIGINT, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGTERM, SIG_DFL); - sigprocmask(SIG_SETMASK, &oldset, NULL); } - if ( chroot(argv[1]) != 0 ) - error(1, errno, "`%s'", argv[1]); + pid_t child_pid = need_cleanup ? fork() : 0; + if ( child_pid < 0 ) + { + int errnum = errno; + unmount(mount_point_dev, 0); + mount_point_dev = NULL; + sigprocmask(SIG_SETMASK, &oldset, NULL); + error(1, errnum, "fork"); + } - if ( chdir("/.") != 0 ) - error(1, errno, "chdir: `%s/.'", argv[1]); + if ( !child_pid ) + { + if ( need_cleanup ) + { + signal(SIGHUP, SIG_DFL); + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGTERM, SIG_DFL); + sigprocmask(SIG_SETMASK, &oldset, NULL); + } - char* default_argv[] = { (char*) "sh", (char*) NULL }; + if ( chroot(argv[1]) != 0 ) + error(1, errno, "`%s'", argv[1]); - char** exec_argv = 3 <= argc ? argv + 2 : default_argv; - execvp(exec_argv[0], exec_argv); + if ( chdir("/.") != 0 ) + error(1, errno, "chdir: `%s/.'", argv[1]); - error(0, errno, "`%s'", exec_argv[0]); - _exit(127); + char* default_argv[] = { (char*) "sh", (char*) NULL }; + + char** exec_argv = 3 <= argc ? argv + 2 : default_argv; + execvp(exec_argv[0], exec_argv); + + error(0, errno, "`%s'", exec_argv[0]); + _exit(127); + } + + sigprocmask(SIG_SETMASK, &oldset, NULL); + int code; + waitpid(child_pid, &code, 0); + sigprocmask(SIG_BLOCK, &sigs, &oldset); + if ( devices ) + unmount(mount_point_dev, 0); + sigprocmask(SIG_SETMASK, &oldset, NULL); + mount_point_dev = NULL; + if ( WIFEXITED(code) ) + return WEXITSTATUS(code); + raise(WTERMSIG(code)); + return 128 + WTERMSIG(code); }