コミットを比較
共通のコミットはありません。 "40d23af355800b68041eab5c2c6df724535879d4" と "e711a1d53a9210f8f562f774901e5e044d20e67a" の履歴はすべて異なっています。
40d23af355
...
e711a1d53a
26
exile.c
26
exile.c
@ -382,7 +382,6 @@ int exile_append_syscall_policy(struct exile_policy *exile_policy, long syscall,
|
||||
{
|
||||
EXILE_LOG_ERROR("Too many argfilters supplied\n");
|
||||
exile_policy->exile_flags |= EXILE_FLAG_ADD_SYSCALL_POLICY_FAIL;
|
||||
free(newpolicy);
|
||||
return -1;
|
||||
}
|
||||
for(size_t i = 0; i < n; i++)
|
||||
@ -816,13 +815,11 @@ char *concat_path(const char *first, const char *second)
|
||||
if(written < 0)
|
||||
{
|
||||
EXILE_LOG_ERROR("Error during path concatination\n");
|
||||
free(result);
|
||||
return NULL;
|
||||
}
|
||||
if(written >= PATH_MAX)
|
||||
{
|
||||
EXILE_LOG_ERROR("path concatination truncated\n");
|
||||
free(result);
|
||||
return NULL;
|
||||
}
|
||||
return result;
|
||||
@ -873,18 +870,18 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
|
||||
{
|
||||
while(path_policy != NULL)
|
||||
{
|
||||
int mount_flags = get_policy_mount_flags(path_policy);
|
||||
|
||||
char *path_inside_chroot = concat_path(chroot_target_path, path_policy->path);
|
||||
if(path_inside_chroot == NULL)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
//all we do is bind mounts
|
||||
mount_flags |= MS_BIND;
|
||||
|
||||
if(path_policy->policy & EXILE_FS_ALLOW_ALL_READ || path_policy->policy & EXILE_FS_ALLOW_ALL_WRITE)
|
||||
{
|
||||
int mount_flags = get_policy_mount_flags(path_policy);
|
||||
|
||||
char *path_inside_chroot = concat_path(chroot_target_path, path_policy->path);
|
||||
if(path_inside_chroot == NULL)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
//all we do is bind mounts
|
||||
mount_flags |= MS_BIND;
|
||||
|
||||
int ret = mount(path_policy->path, path_inside_chroot, NULL, mount_flags, NULL);
|
||||
if(ret < 0 )
|
||||
{
|
||||
@ -901,10 +898,9 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
|
||||
free(path_inside_chroot);
|
||||
return ret;
|
||||
}
|
||||
|
||||
path_policy = path_policy->next;
|
||||
free(path_inside_chroot);
|
||||
}
|
||||
path_policy = path_policy->next;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
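Review bot: In `perform_mounts`, a `concat_path` failure returns `1` while a failed `mount` returns the negative `ret`, so a caller that tests the result with `< 0` would treat a failed path build as success and continue with an incomplete set of bind mounts. Returning a negative value there, e.g. `return -1;`, keeps every failure path on the same side of zero; the callers are outside this page, so confirm how they check the result. Separately, the headers of the first two hunks show the new side one and two lines shorter (7→6 and 13→11) with nothing added. The rendering has lost the +/- markers, but if the dropped lines are `free(newpolicy);` and the two `free(result);` calls, the new side leaks those allocations on its error paths and the calls should stay.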