1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 15:57:45 +00:00

Kernel: Add a basic chroot() syscall :^)

The chroot() syscall now allows the superuser to isolate a process into
a specific subtree of the filesystem. This is not strictly permanent,
as it is also possible for a superuser to break *out* of a chroot, but
it is a useful mechanism for isolating unprivileged processes.

The VFS now uses the current process's root_directory() as the root for
path resolution purposes. The root directory is stored as an uncached
Custody in the Process object.
This commit is contained in:
Andreas Kling 2020-01-10 23:14:04 +01:00
parent 944fbf507a
commit ddd0b19281
7 changed files with 63 additions and 8 deletions

View file

@ -229,6 +229,7 @@ public:
int sys$futex(const Syscall::SC_futex_params*);
int sys$set_thread_boost(int tid, int amount);
int sys$set_process_boost(pid_t, int amount);
int sys$chroot(const char* path, size_t path_length);
static void initialize();
@ -309,6 +310,9 @@ public:
u32 priority_boost() const { return m_priority_boost; }
Custody& root_directory();
void set_root_directory(const Custody&);
private:
friend class MemoryManager;
friend class Scheduler;
@ -369,6 +373,7 @@ private:
RefPtr<Custody> m_executable;
RefPtr<Custody> m_cwd;
RefPtr<Custody> m_root_directory;
RefPtr<TTY> m_tty;