#include <libubox/uloop.h>
#define STACK_SIZE (1024 * 1024)
-#define OPT_ARGS "S:C:n:r:w:d:psuloc"
+#define OPT_ARGS "S:C:n:h:r:w:d:psuloc"
static struct {
char *name;
+ char *hostname;
char **jail_argv;
char *seccomp;
char *capabilities;
return -1;
}
- if (add_path_and_deps(*opts.jail_argv, 1, -1, 0)) {
- ERROR("failed to load dependencies\n");
- return -1;
- }
-
- if (opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) {
- ERROR("failed to load libpreload-seccomp.so\n");
- return -1;
- }
-
if (mount_all(jail_root)) {
ERROR("mount_all() failed\n");
return -1;
ERROR("pivot_root failed: %s\n", strerror(errno));
return -1;
}
+ if (chdir("/")) {
+ ERROR("chdir(/) failed: %s\n", strerror(errno));
+ return -1;
+ }
snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root);
rmdir(dirbuf);
fprintf(stderr, " -c\t\tset PR_SET_NO_NEW_PRIVS\n");
fprintf(stderr, " -n <name>\tthe name of the jail\n");
fprintf(stderr, "namespace jail options:\n");
+ fprintf(stderr, " -h <hostname>\tchange the hostname of the jail\n");
fprintf(stderr, " -r <file>\treadonly files that should be staged\n");
fprintf(stderr, " -w <file>\twriteable files that should be staged\n");
fprintf(stderr, " -p\t\tjail has /proc\n");
static int exec_jail(void)
{
- char **envp = build_envp(opts.seccomp);
- if (!envp)
- exit(EXIT_FAILURE);
-
if (opts.capabilities && drop_capabilities(opts.capabilities))
exit(EXIT_FAILURE);
exit(EXIT_FAILURE);
}
+ char **envp = build_envp(opts.seccomp);
+ if (!envp)
+ exit(EXIT_FAILURE);
+
INFO("exec-ing %s\n", *opts.jail_argv);
execve(*opts.jail_argv, opts.jail_argv, envp);
/* we get there only if execve fails */
static int spawn_jail(void *_notused)
{
- if (opts.name && sethostname(opts.name, strlen(opts.name))) {
- ERROR("failed to sethostname: %s\n", strerror(errno));
+ if (opts.hostname && sethostname(opts.hostname, strlen(opts.hostname))) {
+ ERROR("sethostname(%s) failed: %s\n", opts.hostname, strerror(errno));
}
if (build_jail_fs()) {
case 'n':
opts.name = optarg;
break;
+ case 'h':
+ opts.hostname = optarg;
+ break;
case 'r':
opts.namespace = 1;
add_path_and_deps(optarg, 1, 0, 0);
opts.jail_argv = &argv[optind];
+ if (opts.namespace && add_path_and_deps(*opts.jail_argv, 1, -1, 0)) {
+ ERROR("failed to load dependencies\n");
+ return -1;
+ }
+
+ if (opts.namespace && opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) {
+ ERROR("failed to load libpreload-seccomp.so\n");
+ return -1;
+ }
+
if (opts.name)
prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL);