[PATCH] rtkit: Fail with explanation on grsec

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In case of grsec kernel, make sure that we can actually see other
processes.  If the system is restricted via "chroot_findtask" sysctl or
CONFIG_GRKERNSEC_PROC, rtkit won't be able to monitor other processes,
but the error message is just a generic "Operation not permitted".

Since this prevents rtkit from working at all, just fail fast and loud
at startup instead.
---
 rtkit-daemon.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/rtkit-daemon.c b/rtkit-daemon.c
index 3ecc1f7..294736c 100644
--- a/rtkit-daemon.c
+++ b/rtkit-daemon.c
@@ -1759,6 +1759,7 @@ static int drop_privileges(void) {
         }
 
         if (do_chroot) {
+                FILE* init_stat;
 
                 /* Second, chroot() */
                 if (chroot("/proc") < 0 ||
@@ -1769,6 +1770,14 @@ static int drop_privileges(void) {
                 }
                 proc = "/";
 
+                init_stat = fopen("/1/stat", "r");
+                if (init_stat == NULL) {
+                    r = -errno;
+                    syslog(LOG_ERR, "Cannot see other processes in chroot. Check 'chroot_findtask' if using grsec, or use --no-chroot.\n");
+                    return r;
+                }
+                fclose(init_stat);
+
                 syslog(LOG_DEBUG, "Successfully called chroot.\n");
         }
 
-- 
2.7.0



[Index of Archives]     [Linux Audio Users]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux