Diffstat (limited to 'src/chroot-tools/librechroot')
-rwxr-xr-x | src/chroot-tools/librechroot | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/chroot-tools/librechroot b/src/chroot-tools/librechroot
index 7c1c5a0..ccd8273 100755
--- a/src/chroot-tools/librechroot
+++ b/src/chroot-tools/librechroot
@@ -174,6 +174,13 @@ calculate_directories() {
 declare -p copydir
 }
 
+check_mountpoint() {
+ local file=$1
+ local mountpoint="$(df -P "$file"|sed '1d;s/.*\s//')"
+ local mountopts=($(LANG=C mount|awk "{ if (\$3==\"$mountpoint\") { gsub(/[(,)]/, \" \", \$6); print \$6 } }"))
+ ! in_array nosuid "${mountopts[@]}" && ! in_array noexec "${mountopts[@]}"
+}
+
 arch_nspawn_flags=()
 sysd_nspawn_flags=()
 arch-nspawn() {
@@ -271,6 +278,11 @@ main() {
 lock 9 "$copydir.lock" \
 "Waiting for existing lock on chroot copy to be released: [%s]" "$COPY"
 
+ if ! check_mountpoint "$copydir.lock"; then
+ error "Chroot copy is mounted with nosuid or noexec options: [%s]" "$COPY"
+ return 1
+ fi
+
 if [[ ! -d $rootdir ]]; then
 msg "Creating 'root' copy for chroot [%s]" "$CHROOT"
 set +u # if an array is empty, it counts as unbound |
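Review bot: In `check_mountpoint`, `$mountpoint` is expanded by the shell inside the double-quoted awk program, so a mount-point path containing `"` or a backslash alters the awk source instead of being compared as data; in a tool that is normally run with root privileges, that path should never become program text. The `df | sed` and `mount | awk` steps also split on whitespace, so a mount point with a space in its path never matches, `mountopts` stays empty and the function reports success; the same happens when `df` fails, so the check fails open. If util-linux `findmnt` is an acceptable dependency, asking it for the options of the filesystem holding `$file` removes the text parsing and lets a failed lookup return non-zero. A one-line comment on the function saying why nosuid/noexec make a chroot copy unusable would help the next reader.

```bash
check_mountpoint() {
	local file=$1 mountopts
	# Options of the filesystem holding $file; a failed lookup counts as "not usable".
	mountopts=$(findmnt -n -o OPTIONS -T "$file") || return 1
	local -a opts
	IFS=, read -ra opts <<<"$mountopts"
	! in_array nosuid "${opts[@]}" && ! in_array noexec "${opts[@]}"
}
```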
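Review bot: The new guard in main() inspects the filesystem that holds `$copydir.lock`, a sibling of the copy directory rather than the copy itself, so a chroot copy that is its own mount point (for example a dedicated volume or tmpfs mounted at `$copydir`) would be judged by its parent's mount options. Presumably the lock file is used because `$copydir` may not exist yet at this point; if so, a comment such as `# $copydir may not exist yet; the lock file shares its filesystem unless $copydir is itself a mount point` would record that assumption. Repeating `check_mountpoint "$copydir"` once the directory exists would close the gap. main() starts and ends outside the hunk, so where that later check belongs cannot be seen from here.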