/* chroot.c - Run command in new root directory.
 *
 * Copyright 2007 Rob Landley <[email protected]>
 *
 * TODO: The test for root is "==" so root can trivially escape a chroot by
 * moving it below cwd, ala mkdir("sub"); chroot("sub"); chdir("../../../..")
 * The container guys use pivot_root() to deal with this, which does actually
 * edit mount tree. (New option? Kernel patch?)

USE_CHROOT(NEWTOY(chroot, "^<1", TOYFLAG_USR|TOYFLAG_SBIN|TOYFLAG_ARGFAIL(125)))

config CHROOT
  bool "chroot"
  default y
  help
    usage: chroot NEWROOT [COMMAND [ARG...]]

    Run command within a new root directory. If no command, run /bin/sh.
*/

#include "toys.h"

// Enter NEWROOT (first argument), make it the root directory, then exec the
// remaining arguments as a command, or an interactive /bin/sh when none were
// given.
//
// Security notes:
// - chdir() runs before chroot(".") so the working directory is already
//   inside the new root at the moment the root changes.
// - Nothing here changes uid/gid or capabilities, so the exec'd command keeps
//   the caller's credentials. As the TODO in this file's header says, a root
//   process can leave a chroot; treat this as filesystem-view setup, not as
//   confinement for privileged code.
// - NOTE(review): this function closes no file descriptors itself. Whether
//   xexec() does is not visible here; descriptors the caller left open on
//   directories outside NEWROOT would otherwise survive the exec - confirm.
void chroot_main(void)
{
  char *default_shell[] = {"/bin/sh", "-i", 0};
  char *newroot = *toys.optargs;
  char **command = toys.optargs+1;

  // Either call failing is fatal: exit value 125 is set before handing the
  // NEWROOT argument to perror_exit_raw() (presumably does not return).
  if (chdir(newroot) || chroot(".")) {
    toys.exitval = 125;
    perror_exit_raw(newroot);
  }

  // No COMMAND after NEWROOT means fall back to the interactive shell.
  xexec(*command ? command : default_shell);
}