summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-10-22 01:33:06 +0200
committerLennart Poettering <lennart@poettering.net>2015-10-22 01:59:25 +0200
commit16fb773ee33a5b4e85605bf18a0572bead1b8224 (patch)
treeb3474660b42d69cc5a2d68c665c77d8aa23a978a
parent0e2656744f6d2e2cf65788a497f266d469865e30 (diff)
nspawn: don't try to resolve passed binary before entering namespace
Othewise we might follow the symlinks on the host, instead of the container. Fixes #1400
-rw-r--r--src/nspawn/nspawn.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4093f58e3d..99e24cf4ff 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3148,10 +3148,9 @@ int main(int argc, char *argv[]) {
} else {
const char *p;
- p = strjoina(arg_directory,
- argc > optind && path_is_absolute(argv[optind]) ? argv[optind] : "/usr/bin/");
- if (access(p, F_OK) < 0) {
- log_error("Directory %s lacks the binary to execute or doesn't look like a binary tree. Refusing.", arg_directory);
+ p = strjoina(arg_directory, "/usr/");
+ if (laccess(p, F_OK) < 0) {
+ log_error("Directory %s doesn't look like it has an OS tree. Refusing.", arg_directory);
r = -EINVAL;
goto finish;
}