In case of grsec kernel, make sure that we can actually see other
processes. If the system is restricted via "chroot_findtask" sysctl or
CONFIG_GRKERNSEC_PROC, rtkit won't be able to monitor other processes,
but the error message is just a generic "Operation not permitted".
Since this prevents rtkit from working at all, just fail fast and loud
at startup instead.
---
rtkit-daemon.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/rtkit-daemon.c b/rtkit-daemon.c
index 3ecc1f7..294736c 100644
--- a/rtkit-daemon.c
+++ b/rtkit-daemon.c
@@ -1759,6 +1759,7 @@ static int drop_privileges(void) {
}
if (do_chroot) {
+ FILE* init_stat;
/* Second, chroot() */
if (chroot("/proc") < 0 ||
@@ -1769,6 +1770,14 @@ static int drop_privileges(void) {
}
proc = "/";
+ init_stat = fopen("/1/stat", "r");
+ if (init_stat == NULL) {
+ r = -errno;
+ syslog(LOG_ERR, "Cannot see other processes in chroot. Check 'chroot_findtask' if using grsec, or use --no-chroot.\n");
+ return r;
+ }
+ fclose(init_stat);
+
syslog(LOG_DEBUG, "Successfully called chroot.\n");
}
--
2.7.0
