author | Guido Günther <agx@sigxcpu.org> | 2012-02-08 18:23:04 +0100 |
---|---|---|
committer | Guido Günther <agx@sigxcpu.org> | 2012-02-08 18:37:16 +0100 |
commit | 97172005b2f3a30c1158c852b566a67f0ad3ec99 (patch) | |
tree | 12a3967ec0717a9b121e02f261be4af5f1f104d7 | |
parent | 2fc4078bc842efa253f84398fad8e655a3714568 (diff) |
Chroot iodine
-rw-r--r-- | src/nm-iodine-service.c | 9 | ||||
-rw-r--r-- | src/nm-iodine-service.h | 2 |
2 files changed, 9 insertions, 2 deletions
diff --git a/src/nm-iodine-service.c b/src/nm-iodine-service.c
index 4c97581..14f20f3 100644
--- a/src/nm-iodine-service.c
+++ b/src/nm-iodine-service.c
@@ -45,6 +45,9 @@
 #include "nm-iodine-service.h"
 #include "nm-utils.h"
+#define NM_IODINE_USER "nm-iodine"
+#define NM_IODINE_RUNDIR LOCALSTATEDIR "/run/" NM_IODINE_USER
+
 G_DEFINE_TYPE (NMIODINEPlugin, nm_iodine_plugin, NM_TYPE_VPN_PLUGIN)
 typedef struct {
@@ -479,6 +482,12 @@ nm_iodine_start_iodine_binary(NMIODINEPlugin *plugin,
 } else
 g_warning("Running as root user");
+ if (!g_mkdir_with_parents(NM_IODINE_RUNDIR, 700)) {
+ g_ptr_array_add (iodine_argv, (gpointer) "-t");
+ g_ptr_array_add (iodine_argv, (gpointer) NM_IODINE_RUNDIR);
+ } else
+ g_warning("Not running chrooted");
+
 if (props_nameserver && strlen(props_nameserver))
 g_ptr_array_add (iodine_argv, (gpointer) props_nameserver);
diff --git a/src/nm-iodine-service.h b/src/nm-iodine-service.h
index f82e282..48e2e46 100644
--- a/src/nm-iodine-service.h
+++ b/src/nm-iodine-service.h
@@ -52,6 +52,4 @@ GType nm_iodine_plugin_get_type (void);
 NMIODINEPlugin *nm_iodine_plugin_new (void);
-#define NM_IODINE_USER "nm-iodine"
-
 #endif /* NM_IODINE_PLUGIN_H */ |
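Review bot: The mode in `g_mkdir_with_parents(NM_IODINE_RUNDIR, 700)` in the second hunk of src/nm-iodine-service.c is decimal 700, which is octal 01274, so a newly created chroot directory gets the sticky bit plus group-rwx and world-read bits (before the umask) rather than owner-only access; the line should read `if (!g_mkdir_with_parents(NM_IODINE_RUNDIR, 0700)) {`. The call also returns 0 when the directory already exists, so the owner and mode of an existing directory are never checked before the path is passed to iodine with `-t`. When creation fails, the `else` branch only logs `"Not running chrooted"` and the launch continues unconfined, which fails open; returning an error there, or a comment stating why the degraded mode is acceptable, would make the intent explicit. The body of nm_iodine_start_iodine_binary starts and ends outside this hunk.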