diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-10-22 01:33:06 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-10-22 01:59:25 +0200 |
commit | 16fb773ee33a5b4e85605bf18a0572bead1b8224 (patch) | |
tree | b3474660b42d69cc5a2d68c665c77d8aa23a978a | |
parent | 0e2656744f6d2e2cf65788a497f266d469865e30 (diff) |
nspawn: don't try to resolve passed binary before entering namespace
Othewise we might follow the symlinks on the host, instead of the
container.
Fixes #1400
-rw-r--r-- | src/nspawn/nspawn.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 4093f58e3d..99e24cf4ff 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3148,10 +3148,9 @@ int main(int argc, char *argv[]) { } else { const char *p; - p = strjoina(arg_directory, - argc > optind && path_is_absolute(argv[optind]) ? argv[optind] : "/usr/bin/"); - if (access(p, F_OK) < 0) { - log_error("Directory %s lacks the binary to execute or doesn't look like a binary tree. Refusing.", arg_directory); + p = strjoina(arg_directory, "/usr/"); + if (laccess(p, F_OK) < 0) { + log_error("Directory %s doesn't look like it has an OS tree. Refusing.", arg_directory); r = -EINVAL; goto finish; } |