Compare commits
3 Commits
e711a1d53a
...
40d23af355
Author | SHA1 | Date | |
---|---|---|---|
40d23af355 | |||
b5f83499f3 | |||
ff60ec227d |
10
exile.c
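--- a/exile.c
+++ b/exile.c
@@ -382,6 +382,7 @@ int exile_append_syscall_policy(struct exile_policy *exile_policy, long syscall,
 {
 EXILE_LOG_ERROR("Too many argfilters supplied\n");
 exile_policy->exile_flags |= EXILE_FLAG_ADD_SYSCALL_POLICY_FAIL;
+free(newpolicy);
 return -1;
 }
 for(size_t i = 0; i < n; i++)
@@ -815,11 +816,13 @@ char *concat_path(const char *first, const char *second)
 if(written < 0)
 {
 EXILE_LOG_ERROR("Error during path concatination\n");
+free(result);
 return NULL;
 }
 if(written >= PATH_MAX)
 {
 EXILE_LOG_ERROR("path concatination truncated\n");
+free(result);
 return NULL;
 }
 return result;
@@ -869,6 +872,8 @@ static int create_chroot_dirs(const char *chroot_target_path, struct exile_path_
 static int perform_mounts(const char *chroot_target_path, struct exile_path_policy *path_policy)
 {
 while(path_policy != NULL)
+{
+if(path_policy->policy & EXILE_FS_ALLOW_ALL_READ || path_policy->policy & EXILE_FS_ALLOW_ALL_WRITE)
 {
 int mount_flags = get_policy_mount_flags(path_policy);
 
@@ -880,8 +885,6 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
 //all we do is bind mounts
 mount_flags |= MS_BIND;
 
-if(path_policy->policy & EXILE_FS_ALLOW_ALL_READ || path_policy->policy & EXILE_FS_ALLOW_ALL_WRITE)
-{
 int ret = mount(path_policy->path, path_inside_chroot, NULL, mount_flags, NULL);
 if(ret < 0 )
 {
@@ -898,9 +901,10 @@ static int perform_mounts(const char *chroot_target_path, struct exile_path_poli
 free(path_inside_chroot);
 return ret;
 }
-path_policy = path_policy->next;
 free(path_inside_chroot);
 }
+path_policy = path_policy->next;
 }
 return 0;
 }
+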
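Review bot: In perform_mounts, a path_policy entry whose policy has neither EXILE_FS_ALLOW_ALL_READ nor EXILE_FS_ALLOW_ALL_WRITE set now goes straight to `path_policy = path_policy->next;` with no mount and no log line, so the path is simply absent from the chroot. That fails closed, which is the right direction for a sandbox, but the visible lines do not state the intent, and a caller debugging a missing path gets no hint. I would put a comment above the new guard, e.g. `/* entries without read or write access get no bind mount and stay invisible inside the chroot */`, and write the test as one mask, `if(path_policy->policy & (EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE))`, so the grouping of `&` and `||` does not have to be read off operator precedence. The lines between the hunks (path construction and the rest of the mount error handling) are not shown, so this covers only the visible control flow.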