diff --git a/cmdline.c b/cmdline.c
index ae2c780..d789a35 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -368,6 +368,7 @@ bool cmdlineParse(int argc, char* argv[], struct nsjconf_t* nsjconf)
 .iface_vs_gw = "0.0.0.0",
 .kafel_file = NULL,
 .kafel_string = NULL,
+ .orig_uid = getuid(),
 .num_cpus = sysconf(_SC_NPROCESSORS_ONLN),
 };
diff --git a/mount.c b/mount.c
index 7cce75d..1269f75 100644
--- a/mount.c
+++ b/mount.c
@@ -266,9 +266,9 @@ static bool mountMkdirAndTest(const char* dir)
 return true;
 }
-static bool mountGetDir(char* dir, const char* name)
+static bool mountGetDir(struct nsjconf_t* nsjconf, char* dir, const char* name)
 {
- snprintf(dir, PATH_MAX, "/dev/shm/nsjail.%s", name);
+ snprintf(dir, PATH_MAX, "/run/user/%u/nsjail.%s", nsjconf->orig_uid, name);
 if (mountMkdirAndTest(dir)) {
 return true;
 }
@@ -278,11 +278,15 @@ static bool mountGetDir(char* dir, const char* name)
 }
 const char* tmp = getenv("TMPDIR");
 if (tmp) {
- snprintf(dir, PATH_MAX, "%s/nsjail.%s", name, tmp);
+ snprintf(dir, PATH_MAX, "%s/nsjail.%s", tmp, name);
 if (mountMkdirAndTest(dir)) {
 return true;
 }
 }
+ snprintf(dir, PATH_MAX, "/dev/shm/nsjail.%s", name);
+ if (mountMkdirAndTest(dir)) {
+ return true;
+ }
 snprintf(dir, PATH_MAX, "/tmp/nsjail.%s.%" PRIx64, name, utilRnd64());
 if (mountMkdirAndTest(dir)) {
 return true;
@@ -321,7 +325,7 @@ static bool mountInitNsInternal(struct nsjconf_t* nsjconf)
 }
 char destdir[PATH_MAX];
- if (mountGetDir(destdir, "root") == false) {
+ if (mountGetDir(nsjconf, destdir, "root") == false) {
 LOG_E("Couldn't obtain root mount directories");
 return false;
 }
@@ -337,7 +341,7 @@ static bool mountInitNsInternal(struct nsjconf_t* nsjconf)
 }
 char tmpdir[PATH_MAX];
- if (mountGetDir(tmpdir, "tmp") == false) {
+ if (mountGetDir(nsjconf, tmpdir, "tmp") == false) {
 LOG_E("Couldn't obtain temporary mount directories");
 return false;
 }
diff --git a/nsjail.h b/nsjail.h
index 910bc1d..2eb7459 100644
--- a/nsjail.h
+++ b/nsjail.h
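Review bot: In the cmdline.c hunk, `.orig_uid = getuid()` stores the real UID, while the field this commit removes from nsjail.h was named `orig_euid`; the two values differ whenever the binary runs with an effective UID other than the caller's (a setuid install, for example). mount.c uses the value to build `/run/user/%u/...`, so in that case the staging directory would sit under a parent owned by the invoking user while the mkdir and mount run with the effective identity. If such installs are out of scope, say so next to the initializer, e.g. `/* real UID of the caller; selects /run/user/<uid> in mountGetDir() */`; otherwise the parent's ownership should be checked before it is used. The initializer starts before and continues after this hunk.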
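Review bot: In mount.c's first hunk (`@@ -266,9 +266,9 @@`), `nsjconf->orig_uid` is a `uid_t` (per nsjail.h) passed to `%u` without a cast; writing `(unsigned)nsjconf->orig_uid` keeps the format and argument types matched on every platform. mountGetDir only reads the config, so the new parameter could be declared `const struct nsjconf_t* nsjconf`. A short comment above the function listing the candidate directories in the order they are tried, and stating that the first usable path is written to `dir`, would help the next reader. The function body continues past this hunk, and the lines between this hunk and the next one are not visible.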
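Review bot: In mount.c's second hunk (`@@ -278,11 +278,15 @@`), the re-added `/dev/shm/nsjail.%s` candidate and the `$TMPDIR` one above it use a fixed name in a directory that other local users can usually write to, while the `/tmp` candidate just below appends `utilRnd64()`. Whether a pre-existing `nsjail.root` or `nsjail.tmp` is rejected depends on `mountMkdirAndTest()`, whose body is not in this diff; if it accepts one, the jail root would be staged on a path someone else owns. Giving these candidates the same suffix, e.g. `snprintf(dir, PATH_MAX, "/dev/shm/nsjail.%s.%" PRIx64, name, utilRnd64());`, or checking owner and mode in the helper after `mkdir`, would close that gap. The `$TMPDIR` value has caller-controlled length, so that `snprintf` result should also be compared with `PATH_MAX` before the path is tried. mountGetDir begins before and ends after this hunk.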
@@ -160,8 +160,8 @@ struct nsjconf_t {
 size_t cgroup_pids_max;
 FILE* kafel_file;
 char* kafel_string;
- uid_t orig_euid;
 long num_cpus;
+ uid_t orig_uid;
 TAILQ_HEAD(udmaplist, idmap_t) uids;
 TAILQ_HEAD(gdmaplist, idmap_t)