fsdev: fix virtfs-proxy-helper cwd

Since chroot() doesn't change the current directory, it is indeed a good practice to chdir() to the target directory and then then chroot(), or to chroot() to the target directory and then chdir("/"). The current code does neither of them actually. Let's go for the latter. This doesn't fix any security issue since all of this takes place before the helper begins to process requests. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
author: Greg Kurz <groug@kaod.org> 2017-05-25 10:30:13 +0200
committer: Greg Kurz <groug@kaod.org> 2017-05-25 10:30:13 +0200
commit: 4be56c19593c15bc8d16abcb63bfdd4697a5754d (patch)
tree: de1683a06b16b1757ab08304debfd1aab355c47b
parent: 6a87e7929f97b86c5823d4616fa1aa7636b2f116 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index 54f7ad1c48..4c4238f62e 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -1129,14 +1129,14 @@ int main(int argc, char **argv)
         }
     }
 
-    if (chdir("/") < 0) {
-        do_perror("chdir");
-        goto error;
-    }
     if (chroot(rpath) < 0) {
         do_perror("chroot");
         goto error;
     }
+    if (chdir("/") < 0) {
+        do_perror("chdir");
+        goto error;
+    }
 
     get_version = false;
 #ifdef FS_IOC_GETVERSION
author	Greg Kurz <groug@kaod.org>	2017-05-25 10:30:13 +0200
committer	Greg Kurz <groug@kaod.org>	2017-05-25 10:30:13 +0200
commit	4be56c19593c15bc8d16abcb63bfdd4697a5754d (patch)
tree	de1683a06b16b1757ab08304debfd1aab355c47b
parent	6a87e7929f97b86c5823d4616fa1aa7636b2f116 (diff)