X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fprocd.git;a=blobdiff_plain;f=jail%2Fjail.c;h=2bba292d01fcf53563348828fbf8ccb52b1fad9a;hp=08d5ee157430a23d87f02332d8f170f930d0add4;hb=22b5270d16b92613d42c24168d33a8a14c74701a;hpb=dfcfcca7baf2b22d8dac1a724bdb7dd9d52f4c05;ds=sidebyside

diff --git a/jail/jail.c b/jail/jail.c
index 08d5ee1..2bba292 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -43,7 +43,7 @@
 #include <libubox/uloop.h>
 
 #define STACK_SIZE	(1024 * 1024)
-#define OPT_ARGS	"P:S:n:r:w:psuld"
+#define OPT_ARGS	"P:S:n:r:w:psuldo"
 
 struct extra {
 	struct list_head list;
@@ -143,7 +143,7 @@ static int build_jail(const char *path)
 
 	mkdir(path, 0755);
 
-	if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0744")) {
+	if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
 		ERROR("tmpfs mount failed %s\n", strerror(errno));
 		return -1;
 	}
@@ -289,6 +289,7 @@ static int spawn_child(void *arg)
 	char **argv = arg;
 	int argc = 0, ch;
 	char *mpoint;
+	int ronly = 0;
 
 	while (argv[argc])
 		argc++;
@@ -305,16 +306,23 @@ static int spawn_child(void *arg)
 		case 'p':
 			procfs = 1;
 			break;
+		case 'o':
+			ronly = 1;
+			break;
 		case 's':
 			sysfs = 1;
 			break;
 		case 'n':
-			sethostname(optarg, strlen(optarg));
+			if (sethostname(optarg, strlen(optarg)))
+				ERROR("failed to sethostname: %s\n", strerror(errno));
 			break;
 		}
 	}
 
-	asprintf(&mpoint, "%s/old", path);
+	if (asprintf(&mpoint, "%s/old", path) < 0) {
+		ERROR("failed to alloc pivot path: %s\n", strerror(errno));
+		return -1;
+	}
 	mkdir_p(mpoint, 0755);
 	if (pivot_root(path, mpoint) == -1) {
 		ERROR("pivot_root failed:%s\n", strerror(errno));
@@ -331,7 +339,8 @@ static int spawn_child(void *arg)
 		mkdir("/sys", 0755);
 		mount("sysfs", "/sys", "sysfs", MS_NOATIME, 0);
 	}
-	mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
+	if (ronly)
+		mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
 
 	uloop_init();
 
@@ -365,13 +374,17 @@ static void spawn_namespace(const char *path, int argc, char **argv)
 	char *dir = get_current_dir_name();
 
 	uloop_init();
-	chdir(path);
+	if (chdir(path)) {
+		ERROR("failed to chdir() into the jail\n");
+		return;
+	}
 	namespace_process.pid = clone(spawn_child,
 			child_stack + STACK_SIZE,
 			CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | SIGCHLD, argv);
 
 	if (namespace_process.pid != -1) {
-		chdir(dir);
+		if (chdir(dir))
+			ERROR("failed to chdir() out of the jail\n");
 		free(dir);
 		uloop_process_add(&namespace_process);
 		uloop_run();