/* chroot.c - Run command in new root directory.
 *
 * Copyright 2007 Rob Landley <rob@landley.net>
 *
 * TODO: The test for root is "==" so root can trivially escape a chroot by
 * moving it below cwd, ala mkdir("sub"); chroot("sub"); chdir("../../../..")
 * The container guys use pivot_root() to deal with this, which does actually
 * edit mount tree. (New option? Kernel patch?)

USE_CHROOT(NEWTOY(chroot, "^<1", TOYFLAG_USR|TOYFLAG_SBIN|TOYFLAG_ARGFAIL(125)))

config CHROOT
  bool "chroot"
  default y
  help
    usage: chroot NEWROOT [COMMAND [ARG...]]

    Run command within a new root directory. If no command, run /bin/sh.
*/

#include "toys.h"

/*
 * Entry point for the chroot command.
 *
 * Enters the directory named by the first argument, makes it the root
 * directory, then executes the remaining arguments as a command, or an
 * interactive /bin/sh when no command was given. If either the chdir() or
 * the chroot() fails, the exit value is set to 125 and the error is
 * reported against the NEWROOT argument.
 *
 * Security notes for reviewers:
 *  - The working directory is moved into NEWROOT *before* chroot(".") is
 *    called, so the process never ends up with a cwd outside its new root.
 *  - No privilege change is made in this function: the command runs with
 *    whatever credentials the caller had. As the TODO in the file header
 *    says, a root process can leave a chroot, so this must not be treated
 *    as a containment boundary for privileged code.
 */
void chroot_main(void)
{
  char *newroot = *toys.optargs;
  char *shell[] = {"/bin/sh", "-i", 0};
  int failed;

  // chdir() first, chroot(".") second; the second call is skipped when the
  // first one fails, so errno still describes the call that went wrong.
  failed = chdir(newroot);
  if (!failed) failed = chroot(".");

  if (failed) {
    toys.exitval = 125;
    // presumably does not return (helper is defined outside this file)
    perror_exit_raw(newroot);
  }

  // Everything after NEWROOT is the command line; default to the shell.
  xexec(toys.optargs[1] ? toys.optargs+1 : shell);
}