chrootenv: resolve potential race condition

NixOS · Dec 28, 2017 · 25b35f4 · 25b35f4
1 parent 7798051
commit 25b35f4
Showing 1 changed file with 8 additions and 12 deletions.
diff --git a/pkgs/build-support/build-fhs-userenv/chrootenv.c b/pkgs/build-support/build-fhs-userenv/chrootenv.c
@@ -124,16 +124,6 @@ int nftw_remove(const char *path, const struct stat *sb, int type,
   return remove(path);
 }
 
-char *root;
-
-void root_cleanup() {
-  if (nftw(root, nftw_remove, getdtablesize(),
-           FTW_DEPTH | FTW_MOUNT | FTW_PHYS) < 0)
-    errorf(EX_IOERR, "nftw(%s)", root);
-
-  free(root);
-}
-
 #define REQUIREMENTS                                                           \
   "Requires Linux version >= 3.19 built with CONFIG_USER_NS option.\n"
 
@@ -158,6 +148,8 @@ int main(int argc, char *argv[]) {
   if (temp == NULL)
     temp = "/tmp";
 
+  char *root;
+
   if (asprintf(&root, "%s/chrootenvXXXXXX", temp) < 0)
     errorf(EX_IOERR, "asprintf");
 
@@ -166,8 +158,6 @@ int main(int argc, char *argv[]) {
   if (root == NULL)
     errorf(EX_IOERR, "mkdtemp(%s)", root);
 
-  atexit(root_cleanup);
-
   // Don't make root private so that privilege drops inside chroot are possible:
   if (chmod(root, 0755) < 0)
     errorf(EX_IOERR, "chmod(%s, 0755)", root);
@@ -232,6 +222,12 @@ int main(int argc, char *argv[]) {
   if (waitpid(cpid, &status, 0) < 0)
     errorf(EX_OSERR, "waitpid(%d)", cpid);
 
+  if (nftw(root, nftw_remove, getdtablesize(),
+           FTW_DEPTH | FTW_MOUNT | FTW_PHYS) < 0)
+    errorf(EX_IOERR, "nftw(%s)", root);
+
+  free(root);
+
   if (WIFEXITED(status)) {
     return WEXITSTATUS(status);
   } else if (WIFSIGNALED(status)) {