authorGuido Günther <agx@sigxcpu.org>2012-02-08 18:23:04 +0100
committerGuido Günther <agx@sigxcpu.org>2012-02-08 18:37:16 +0100
commit97172005b2f3a30c1158c852b566a67f0ad3ec99 (patch)
tree12a3967ec0717a9b121e02f261be4af5f1f104d7
parent2fc4078bc842efa253f84398fad8e655a3714568 (diff)
Chroot iodine
-rw-r--r--src/nm-iodine-service.c9
-rw-r--r--src/nm-iodine-service.h2
2 files changed, 9 insertions, 2 deletions
diff --git a/src/nm-iodine-service.c b/src/nm-iodine-service.c
index 4c97581..14f20f3 100644
--- a/src/nm-iodine-service.c
+++ b/src/nm-iodine-service.c
@@ -45,6 +45,9 @@
#include "nm-iodine-service.h"
#include "nm-utils.h"
+#define NM_IODINE_USER "nm-iodine"
+#define NM_IODINE_RUNDIR LOCALSTATEDIR "/run/" NM_IODINE_USER
+
G_DEFINE_TYPE (NMIODINEPlugin, nm_iodine_plugin, NM_TYPE_VPN_PLUGIN)
typedef struct {
@@ -479,6 +482,12 @@ nm_iodine_start_iodine_binary(NMIODINEPlugin *plugin,
} else
g_warning("Running as root user");
+ if (!g_mkdir_with_parents(NM_IODINE_RUNDIR, 700)) {
+ g_ptr_array_add (iodine_argv, (gpointer) "-t");
+ g_ptr_array_add (iodine_argv, (gpointer) NM_IODINE_RUNDIR);
+ } else
+ g_warning("Not running chrooted");
+
if (props_nameserver && strlen(props_nameserver))
g_ptr_array_add (iodine_argv, (gpointer) props_nameserver);
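Review bot: The mode argument on the added `g_mkdir_with_parents(NM_IODINE_RUNDIR, 700)` line is decimal, not octal. Decimal 700 is octal 01274, so a newly created run directory gets the sticky bit with write-only for the owner, rwx for the group and read for others (before umask) instead of owner-only access; the line should read `if (!g_mkdir_with_parents(NM_IODINE_RUNDIR, 0700)) {`. `g_mkdir_with_parents` also returns 0 when the path already exists, so a pre-existing directory is passed to `-t` without its owner or mode being checked; a stat-based check that it is a root-owned directory, not writable by group or others, would close that gap. The `else` branch only warns and then starts iodine unchrooted, so the confinement fails open; consider whether that should abort the connection instead. The body of `nm_iodine_start_iodine_binary` starts and ends outside this hunk, so how the `-u` user and the return path interact with this is not visible here.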
diff --git a/src/nm-iodine-service.h b/src/nm-iodine-service.h
index f82e282..48e2e46 100644
--- a/src/nm-iodine-service.h
+++ b/src/nm-iodine-service.h
@@ -52,6 +52,4 @@ GType nm_iodine_plugin_get_type (void);
NMIODINEPlugin *nm_iodine_plugin_new (void);
-#define NM_IODINE_USER "nm-iodine"
-
#endif /* NM_IODINE_PLUGIN_H */