nspawn: don't accept just any tree to execute
When invoked without -D in an arbitrary directory we should not try to execute anything, make some validity checks first.
This commit is contained in:
parent
9fccdb0f64
commit
6b9132a9c4
|
@ -1555,9 +1555,21 @@ int main(int argc, char *argv[]) {
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (arg_boot && path_is_os_tree(arg_directory) <= 0) {
|
if (arg_boot) {
|
||||||
log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory);
|
if (path_is_os_tree(arg_directory) <= 0) {
|
||||||
goto finish;
|
log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory);
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
const char *p;
|
||||||
|
|
||||||
|
p = strappenda(arg_directory,
|
||||||
|
argc > optind && path_is_absolute(argv[optind]) ? argv[optind] : "/usr/bin/");
|
||||||
|
if (access(p, F_OK) < 0) {
|
||||||
|
log_error("Directory %s lacks the binary to execute or doesn't look like a binary tree. Refusing.", arg_directory);
|
||||||
|
goto finish;
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log_close();
|
log_close();
|
||||||
|
|
Loading…
Reference in a new issue