| author | Daniel Golle | 2020-10-28 11:59:10 +0000 |
|---|---|---|
| committer | Daniel Golle | 2020-10-28 13:47:27 +0000 |
| commit | e1fcfdcd884ef9ecf8c45d70f9ebda37286500e0 (patch) | |
| tree | 80f1f4cdec30ff7aba0d884748d30bbb45a0c181 | |
| parent | 6963d5032b51739ad953064da035d1a74c61f7cb (diff) | |
| download | procd-e1fcfdcd884ef9ecf8c45d70f9ebda37286500e0.tar.gz | |
jail: add support for absolute root path in OCI spec
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| -rw-r--r-- | jail/jail.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/jail/jail.c b/jail/jail.c
index 99841af..012d954 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -1306,25 +1306,32 @@ static const struct blobmsg_policy oci_root_policy[] = {
 static int parseOCIroot(const char *jsonfile, struct blob_attr *msg) {
- static char rootpath[PATH_MAX] = { 0 };
+ static char extroot[PATH_MAX] = { 0 };
 struct blob_attr *tb[__OCI_ROOT_MAX];
 char *cur;
+ char *root_path;
 blobmsg_parse(oci_root_policy, __OCI_ROOT_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
 if (!tb[OCI_ROOT_PATH]) return ENODATA;
- strncpy(rootpath, jsonfile, PATH_MAX);
- cur = strrchr(rootpath, '/');
+ root_path = blobmsg_get_string(tb[OCI_ROOT_PATH]);
- if (!cur)
- return ENOTDIR;
+ /* prepend bundle directory in case of relative paths */
+ if (root_path[0] != '/') {
+ strncpy(extroot, jsonfile, PATH_MAX);
+ cur = strrchr(extroot, '/');
- *(++cur) = '\0';
- strncat(rootpath, blobmsg_get_string(tb[OCI_ROOT_PATH]), PATH_MAX - (strlen(rootpath) + 1));
+ if (!cur)
+ return ENOTDIR;
- opts.extroot = rootpath;
+ *(++cur) = '\0';
+ }
+
+ strncat(extroot, root_path, PATH_MAX - (strlen(extroot) + 1));
+
+ opts.extroot = extroot;
 if (tb[OCI_ROOT_READONLY]) opts.ronly = blobmsg_get_bool(tb[OCI_ROOT_READONLY]); |
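Review bot: The absolute-path branch only appends to `extroot` with `strncat`, so it depends on the static buffer still being empty, and both branches can truncate the path without reporting an error. If parseOCIroot runs more than once in a process (its callers are not visible here), a second absolute root.path would be appended to the first result. Separately, `strncpy(extroot, jsonfile, PATH_MAX)` leaves the buffer unterminated for a PATH_MAX-long `jsonfile`, and `strncat` silently cuts a long path short, so `opts.extroot` could name a different directory than the spec asked for. Since this value becomes the jail's root, I would build the path with `snprintf` in both branches and return `ENAMETOOLONG` on overflow, as sketched below. The function's end lies outside the hunk.

```c
	int n;

	root_path = blobmsg_get_string(tb[OCI_ROOT_PATH]);

	if (root_path[0] == '/') {
		/* absolute path: overwrite whatever the static buffer held */
		n = snprintf(extroot, sizeof(extroot), "%s", root_path);
	} else {
		/* prepend bundle directory in case of relative paths */
		cur = strrchr(jsonfile, '/');
		if (!cur)
			return ENOTDIR;

		n = snprintf(extroot, sizeof(extroot), "%.*s%s",
			     (int)(cur - jsonfile + 1), jsonfile, root_path);
	}

	/* refuse a truncated root instead of jailing into a different directory */
	if (n < 0 || (size_t)n >= sizeof(extroot))
		return ENAMETOOLONG;

	opts.extroot = extroot;
	/* … unchanged: OCI_ROOT_READONLY handling … */
```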