summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsrc/chroot-tools/librechroot12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/chroot-tools/librechroot b/src/chroot-tools/librechroot
index 7c1c5a0..ccd8273 100755
--- a/src/chroot-tools/librechroot
+++ b/src/chroot-tools/librechroot
@@ -174,6 +174,13 @@ calculate_directories() {
declare -p copydir
}
+check_mountpoint() {
+ local file=$1
+ local mountpoint="$(df -P "$file"|sed '1d;s/.*\s//')"
+ local mountopts=($(LANG=C mount|awk "{ if (\$3==\"$mountpoint\") { gsub(/[(,)]/, \" \", \$6); print \$6 } }"))
+ ! in_array nosuid "${mountopts[@]}" && ! in_array noexec "${mountopts[@]}"
+}
+
arch_nspawn_flags=()
sysd_nspawn_flags=()
arch-nspawn() {
@@ -271,6 +278,11 @@ main() {
lock 9 "$copydir.lock" \
"Waiting for existing lock on chroot copy to be released: [%s]" "$COPY"
+ if ! check_mountpoint "$copydir.lock"; then
+ error "Chroot copy is mounted with nosuid or noexec options: [%s]" "$COPY"
+ return 1
+ fi
+
if [[ ! -d $rootdir ]]; then
msg "Creating 'root' copy for chroot [%s]" "$CHROOT"
set +u # if an array is empty, it counts as unbound