Modernize chroot(8).
This commit is contained in:
parent
5d18d8be30
commit
49bf6298a7
1 changed files with 64 additions and 46 deletions
110
utils/chroot.c
110
utils/chroot.c
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2015, 2023 Jonas 'Sortie' Termansen.
|
* Copyright (c) 2013, 2015, 2023, 2024 Jonas 'Sortie' Termansen.
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
@ -91,14 +91,13 @@ int main(int argc, char* argv[])
|
||||||
if ( argc < 2 )
|
if ( argc < 2 )
|
||||||
error(1, 0, "missing operand, expected new root directory");
|
error(1, 0, "missing operand, expected new root directory");
|
||||||
|
|
||||||
if ( devices )
|
bool need_cleanup = devices;
|
||||||
|
|
||||||
|
// TODO: Why do we even have signal handling instead of just blocking the
|
||||||
|
// signals and waiting for the subprocess to react?
|
||||||
|
|
||||||
|
if ( need_cleanup )
|
||||||
{
|
{
|
||||||
if ( asprintf(&mount_point_dev, "%s/dev", argv[1]) < 0 )
|
|
||||||
error(1, errno, "asprintf: `%s/dev'", argv[1]);
|
|
||||||
|
|
||||||
// Create a device directory in the root filesystem.
|
|
||||||
mkdir(mount_point_dev, 0755);
|
|
||||||
|
|
||||||
struct sigaction sa;
|
struct sigaction sa;
|
||||||
memset(&sa, 0, sizeof(sa));
|
memset(&sa, 0, sizeof(sa));
|
||||||
sa.sa_handler = unmount_handler;
|
sa.sa_handler = unmount_handler;
|
||||||
|
@ -107,6 +106,15 @@ int main(int argc, char* argv[])
|
||||||
sigaction(SIGINT, &sa, NULL);
|
sigaction(SIGINT, &sa, NULL);
|
||||||
sigaction(SIGQUIT, &sa, NULL);
|
sigaction(SIGQUIT, &sa, NULL);
|
||||||
sigaction(SIGTERM, &sa, NULL);
|
sigaction(SIGTERM, &sa, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( devices )
|
||||||
|
{
|
||||||
|
if ( asprintf(&mount_point_dev, "%s/dev", argv[1]) < 0 )
|
||||||
|
error(1, errno, "asprintf: `%s/dev'", argv[1]);
|
||||||
|
|
||||||
|
// Create a device directory in the root filesystem.
|
||||||
|
mkdir(mount_point_dev, 0755);
|
||||||
|
|
||||||
// Mount the current device directory inside the new root filesystem.
|
// Mount the current device directory inside the new root filesystem.
|
||||||
int old_dev_fd = open("/dev", O_DIRECTORY | O_RDONLY);
|
int old_dev_fd = open("/dev", O_DIRECTORY | O_RDONLY);
|
||||||
|
@ -114,55 +122,65 @@ int main(int argc, char* argv[])
|
||||||
fsm_fsbind(old_dev_fd, new_dev_fd, 0);
|
fsm_fsbind(old_dev_fd, new_dev_fd, 0);
|
||||||
close(new_dev_fd);
|
close(new_dev_fd);
|
||||||
close(old_dev_fd);
|
close(old_dev_fd);
|
||||||
|
}
|
||||||
|
|
||||||
sigset_t oldset, sigs;
|
sigset_t oldset, sigs;
|
||||||
|
if ( need_cleanup )
|
||||||
|
{
|
||||||
sigemptyset(&sigs);
|
sigemptyset(&sigs);
|
||||||
sigaddset(&sigs, SIGHUP);
|
sigaddset(&sigs, SIGHUP);
|
||||||
sigaddset(&sigs, SIGINT);
|
sigaddset(&sigs, SIGINT);
|
||||||
sigaddset(&sigs, SIGQUIT);
|
sigaddset(&sigs, SIGQUIT);
|
||||||
sigaddset(&sigs, SIGTERM);
|
sigaddset(&sigs, SIGTERM);
|
||||||
sigprocmask(SIG_BLOCK, &sigs, &oldset);
|
sigprocmask(SIG_BLOCK, &sigs, &oldset);
|
||||||
pid_t child_pid = fork();
|
|
||||||
if ( child_pid < 0 )
|
|
||||||
{
|
|
||||||
int errnum = errno;
|
|
||||||
unmount(mount_point_dev, 0);
|
|
||||||
mount_point_dev = NULL;
|
|
||||||
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
|
||||||
error(1, errnum, "fork");
|
|
||||||
}
|
|
||||||
if ( child_pid != 0 )
|
|
||||||
{
|
|
||||||
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
|
||||||
int code;
|
|
||||||
waitpid(child_pid, &code, 0);
|
|
||||||
sigprocmask(SIG_BLOCK, &sigs, &oldset);
|
|
||||||
unmount(mount_point_dev, 0);
|
|
||||||
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
|
||||||
mount_point_dev = NULL;
|
|
||||||
if ( WIFEXITED(code) )
|
|
||||||
return WEXITSTATUS(code);
|
|
||||||
raise(WTERMSIG(code));
|
|
||||||
return 128 + WTERMSIG(code);
|
|
||||||
}
|
|
||||||
signal(SIGHUP, SIG_DFL);
|
|
||||||
signal(SIGINT, SIG_DFL);
|
|
||||||
signal(SIGQUIT, SIG_DFL);
|
|
||||||
signal(SIGTERM, SIG_DFL);
|
|
||||||
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( chroot(argv[1]) != 0 )
|
pid_t child_pid = need_cleanup ? fork() : 0;
|
||||||
error(1, errno, "`%s'", argv[1]);
|
if ( child_pid < 0 )
|
||||||
|
{
|
||||||
|
int errnum = errno;
|
||||||
|
unmount(mount_point_dev, 0);
|
||||||
|
mount_point_dev = NULL;
|
||||||
|
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
||||||
|
error(1, errnum, "fork");
|
||||||
|
}
|
||||||
|
|
||||||
if ( chdir("/.") != 0 )
|
if ( !child_pid )
|
||||||
error(1, errno, "chdir: `%s/.'", argv[1]);
|
{
|
||||||
|
if ( need_cleanup )
|
||||||
|
{
|
||||||
|
signal(SIGHUP, SIG_DFL);
|
||||||
|
signal(SIGINT, SIG_DFL);
|
||||||
|
signal(SIGQUIT, SIG_DFL);
|
||||||
|
signal(SIGTERM, SIG_DFL);
|
||||||
|
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
char* default_argv[] = { (char*) "sh", (char*) NULL };
|
if ( chroot(argv[1]) != 0 )
|
||||||
|
error(1, errno, "`%s'", argv[1]);
|
||||||
|
|
||||||
char** exec_argv = 3 <= argc ? argv + 2 : default_argv;
|
if ( chdir("/.") != 0 )
|
||||||
execvp(exec_argv[0], exec_argv);
|
error(1, errno, "chdir: `%s/.'", argv[1]);
|
||||||
|
|
||||||
error(0, errno, "`%s'", exec_argv[0]);
|
char* default_argv[] = { (char*) "sh", (char*) NULL };
|
||||||
_exit(127);
|
|
||||||
|
char** exec_argv = 3 <= argc ? argv + 2 : default_argv;
|
||||||
|
execvp(exec_argv[0], exec_argv);
|
||||||
|
|
||||||
|
error(0, errno, "`%s'", exec_argv[0]);
|
||||||
|
_exit(127);
|
||||||
|
}
|
||||||
|
|
||||||
|
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
||||||
|
int code;
|
||||||
|
waitpid(child_pid, &code, 0);
|
||||||
|
sigprocmask(SIG_BLOCK, &sigs, &oldset);
|
||||||
|
if ( devices )
|
||||||
|
unmount(mount_point_dev, 0);
|
||||||
|
sigprocmask(SIG_SETMASK, &oldset, NULL);
|
||||||
|
mount_point_dev = NULL;
|
||||||
|
if ( WIFEXITED(code) )
|
||||||
|
return WEXITSTATUS(code);
|
||||||
|
raise(WTERMSIG(code));
|
||||||
|
return 128 + WTERMSIG(code);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue