Kernel+LibC: Allow passing mount flags to chroot()

bugaevc · awesomekling · commit dd54d13d8d3b · 2020-01-12T20:02:11.000+01:00
Since a chroot is in many ways similar to a separate root mount, we can also
apply mount flags to it as if it was an actual mount. These flags will apply
whenever the chrooted process accesses its root directory, but not when other
processes access this same directory for the outside. Since it's common to
chdir("/") immediately after chrooting (so that files accessed through the
current directory inherit the same mount flags), this effectively allows one to
apply additional limitations to a process confined inside a chroot.

To this effect, sys$chroot() gains a mount_flags argument (exposed as
chroot_with_mount_flags() in userspace) which can be set to all the same values
as the flags argument for sys$mount(), and additionally to -1 to keep the flags
set for that file system. Note that passing 0 as mount_flags will unset any
flags that may have been set for the file system, not keep them.
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
@@ -4337,8 +4337,9 @@ int Process::sys$chroot(const char* user_path, size_t path_length)
     if (directory_or_error.is_error())
         return directory_or_error.error();
     auto directory = directory_or_error.value();
-    m_root_directory_for_procfs = directory;
-    set_root_directory(Custody::create(nullptr, "", directory->inode(), directory->mount_flags()));
+    m_root_directory_relative_to_global_root = directory;
+    int chroot_mount_flags = mount_flags == -1 ? directory->mount_flags() : mount_flags;
+    set_root_directory(Custody::create(nullptr, "", directory->inode(), chroot_mount_flags));
     return 0;
 }
 
diff --git a/Kernel/Process.h b/Kernel/Process.h
@@ -254,7 +254,7 @@ class Process : public InlineLinkedListNode<Process>
     int sys$futex(const Syscall::SC_futex_params*);
     int sys$set_thread_boost(int tid, int amount);
     int sys$set_process_boost(pid_t, int amount);
-    int sys$chroot(const char* path, size_t path_length);
+    int sys$chroot(const char* path, size_t path_length, int mount_flags);
     int sys$pledge(const Syscall::SC_pledge_params*);
 
     static void initialize();
diff --git a/Libraries/LibC/unistd.cpp b/Libraries/LibC/unistd.cpp
@@ -644,12 +644,17 @@ int get_process_name(char* buffer, int buffer_size)
 }
 
 int chroot(const char* path)
+{
+    return chroot_with_mount_flags(path, -1);
+}
+
+int chroot_with_mount_flags(const char* path, int mount_flags)
 {
     if (!path) {
         errno = EFAULT;
         return -1;
     }
-    int rc = syscall(SC_chroot, path, strlen(path));
+    int rc = syscall(SC_chroot, path, strlen(path), mount_flags);
     __RETURN_WITH_ERRNO(rc, rc, -1);
 }
 
diff --git a/Libraries/LibC/unistd.h b/Libraries/LibC/unistd.h
@@ -52,6 +52,7 @@ int execvp(const char* filename, char* const argv[]);
 int execl(const char* filename, const char* arg, ...);
 int execlp(const char* filename, const char* arg, ...);
 int chroot(const char* path);
+int chroot_with_mount_flags(const char* path, int mount_flags);
 void sync();
 void _exit(int status);
 pid_t getsid(pid_t);

Original file line number	Diff line number	Diff line change
`@@ -644,12 +644,17 @@ int get_process_name(char* buffer, int buffer_size)`
`644`	`644`	`}`
`645`	`645`
`646`	`646`	`int chroot(const char* path)`
	`647`	`+{`
	`648`	`+ return chroot_with_mount_flags(path, -1);`
	`649`	`+}`
	`650`	`+`
	`651`	`+int chroot_with_mount_flags(const char* path, int mount_flags)`
`647`	`652`	`{`
`648`	`653`	`if (!path) {`
`649`	`654`	`errno = EFAULT;`
`650`	`655`	`return -1;`
`651`	`656`	`}`
`652`		`- int rc = syscall(SC_chroot, path, strlen(path));`
	`657`	`+ int rc = syscall(SC_chroot, path, strlen(path), mount_flags);`
`653`	`658`	`__RETURN_WITH_ERRNO(rc, rc, -1);`
`654`	`659`	`}`
`655`	`660`